I'd like to find where i can see which rule is tagging messages as they come in to the Log Viewer console. I have 800 different Rules, and a couple of them seem to be tagging Logs for incorrect vendors. I'd like to check the rules that have tagged these messages, but i can't effectively go through 800 rules one at a time. I'm hoping there's some log messages on the system that would indicate which Rule was used to tag.
So it seems this is not as straight forward as a query unfortunately. There are no indications in the DB about what rule applied the tag. The only place to see what you are looking for is likely in the logs and only if the level is set to debug which can generate a great deal of info very quickly. This may be a situation where it is better to open a ticket and ask the support team to step through this with you so you can isolate the rules in question. if you decide to do that, please ping me the ticket number so I can keep an eye on it internally.
Hmm, the problem for me is going through hundreds of rules individually. Thanks Jvb! Ticket 00474905. Haven't heard back since Tuesday.
Yep, understood. Lots of customers have a large amount of rules so we may need to look at improving this from a diagnostic level. Thanks for the input! I will keep an eye on the ticket and nudge it if need be.
Is there a way to see the count of how many times a particular rule fired? that may help me whittle it down to the most likely offenders.
Well i was able to come up with an easy workaround that got me what i was after. I cloned an already existing Log Alert, and changed the trigger condition to only a vendor that i knew wasn't a legit target but was still being tagged.
and said include Processing Rule where "is not empty".
In the trigger action, i put 3 variables, the Log Message, the Rule Name, and Rule Definition ID.
It didn't take long to trigger, and as soon as it did, i see in the alert message the name of the rule that triggered the alert.
And sure enough, after going to that rule, i found that it did not have any conditions or limitations applied, corrected it, and haven't seen any improperly fire since.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.