• State Not Answered
  • Locked Locked
  • Replies 16 replies
  • Subscribers 38 subscribers
  • Views 2366 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Custom chart not showing all data from SWQL query

shuth

I have a custom chart showing the number of times particular alerts have triggered over the last 30 days. The original query I've copied from a post by marcnetterfield​ a long time ago but lost the source.

The problem is the chart doesn't line up with the output of the SWQL query in table form and I'm missing entries on the chart. In the screenshot below, the table and chart datasource is the same SWQL query. There are 8 unique alert names and the highlighted 4 are not shown on the chart. Of the alerts shown in the chart, the values match up exactly with the table excluding the missing alerts.

Edit: Pasting an image on thwack is painful. It resizes and distorts or blurs it into an unrecognisable mess. I've tried 5 different times to paste the below image in or used the Insert Image and it ends up worse each time.

So here is an imgur link: https://imgur.com/3QRqnla

custom_chart_table.jpg

Any thoughts of what I'm missing here? Bad SWQL as a datasource?

SELECT
ah.alertobjects.AlertConfigurations.Name AS [Alert Name]
,COUNT(Message) as [Alert Count]
,DATETRUNC('day',Timestamp) as [Date]

FROM Orion.AlertHistory ah
where EventType = 0
and DAYDIFF(timestamp, GetDate()) < 30
and ah.alertobjects.AlertConfigurations.Name LIKE '%Sev%'

GROUP BY ah.alertobjects.AlertConfigurations.Name, DATETRUNC('day',timestamp)
ORDER BY ah.alertobjects.AlertConfigurations.name
  • 0

    Is there any filter present on the view you're displaying the chart on?

  • 0 in reply to adam.beedell

    There are no view limitations on that view. I also tried it within a report and the same objects are missing. There are no account limitations on my account either (which is also full admin). I think if it were view/account limitations, it would also hide the result from the table.

  • 0 in reply to shuth

    I'm guessing something filtering-related.

    Got anything that's rounding data up on the time settings on the chart? - In fact what does the custom chart settings look like in general?

  • 0 in reply to adam.beedell

    Agreed - something is happening when the data is loaded into the chart. The thing that is confusing is the same data source/query works fine in a custom table (and custom query) resource.

    Chart Config

    Data source: the query in my original post

    Time Period: Last 30 Days

    Left Y-Axis

    Units: Empty

    Chart type: Stacked column

    Data Series: Alert Count    (under More > Time column: Date )

    Group chart data by: Alert name

    Legend shows: Alert name

    Time Periods: Once a day

    pastedImage_5.png

    This is the output of a custom table using the same query on the same view. The 4 bolded rows don't show up in the chart.

    ALERT NAMEALERT COUNTDATE
    VIC - Sev 3 - Node Down111/09/2019 12:00:00 AM
    VIC - Sev 2 - Node Down213/09/2019 12:00:00 AM
    WA - Sev 1 - Node Down913/09/2019 12:00:00 AM
    WA - Sev 2 - Node Down213/09/2019 12:00:00 AM
    VIC - Sev 1 - Node Down113/09/2019 12:00:00 AM
    WA - Sev 1 - Node Down414/09/2019 12:00:00 AM
    VIC - Sev 1 - Node Down315/09/2019 12:00:00 AM
    WA - Sev 1 - Node Down115/09/2019 12:00:00 AM
    WA - Sev 3 - Node Down116/09/2019 12:00:00 AM
    WA - Sev 1 - Node Down1016/09/2019 12:00:00 AM
    VIC - Sev 1 - Node Down218/09/2019 12:00:00 AM
    WA - Sev 1 - Node Down121/09/2019 12:00:00 AM
    WA - Sev 1 - Node Down924/09/2019 12:00:00 AM
    VIC - RCH - Sev 2 - Node Down124/09/2019 12:00:00 AM
    VIC - Sev 2 - Node Down124/09/2019 12:00:00 AM
    WA - Sev 2 - Node Down124/09/2019 12:00:00 AM
    WA - Sev 2 - Node Down425/09/2019 12:00:00 AM
    WA - Sev 1 - Node Down925/09/2019 12:00:00 AM
    WA - Sev 1 - Node Down126/09/2019 12:00:00 AM
    SA - Sev 1 - Node Down227/09/2019 12:00:00 AM
    WA - Sev 1 - Node Down227/09/2019 12:00:00 AM
    VIC - Sev 1 - Node Down230/09/2019 12:00:00 AM
    WA - Sev 2 - Node Down42/10/2019 12:00:00 AM
    WA - Sev 1 - Node Down72/10/2019 12:00:00 AM
    WA - Sev 2 - Node Down83/10/2019 12:00:00 AM
    WA - Sev 1 - Node Down103/10/2019 12:00:00 AM
    WA - Sev 2 - Node Down464/10/2019 12:00:00 AM
    WA - Sev 1 - Node Down934/10/2019 12:00:00 AM
    WA - Sev 2 - Node Down139/10/2019 12:00:00 AM
    WA - Sev 1 - Node Down409/10/2019 12:00:00 AM
    VIC - Sev 1 - Node Down99/10/2019 12:00:00 AM
    VIC - Sev 2 - Node Down49/10/2019 12:00:00 AM
  • 0 in reply to shuth

    Just replicated in my environment and didn't notice an obvious gap and each reported alert name was present somewhere

    Do your missing alerts show up on the chart with different sample intervals on the chart options?

    If you do the same thing for the WHERE filter %Sev 2% does the missing Sev2 show up or is it still missing?

  • 0 in reply to adam.beedell

    Tried changing the filter to %Sev 2% - still doesn't show the missing alert. I also tried changing to different intervals - no go there either.

    pastedImage_0.png

    With a filter for Sev 3, the chart has no data.

    pastedImage_1.png

    Shows up in the data source preview.

    pastedImage_2.png

  • 0

    This particular client is running on NPM 12.2. I went through the Orion Core platform release notes and found references to custom chart fixes in Orion 2018.2. It might be related to the first entry. I don't think it is top records as I bumped it up to 100 and it didn't resolve the issue.

    00022780, 00032805, 1130747, 1125894

    		Custom chart resources display correctly.
    876639, 889594, 920136, 1102219, 1358660Custom charts show only the number of top records configured in the Show only limited number of top records.

    NPM 12.2 is a couple of years old now. I'll advise the client to upgrade.

  • 0 in reply to shuth

    Well worth a shot - It's a weird one!

  • 0 in reply to shuth

    That is very weird! - I'm out of convenient ideas, but in a pinch you could send the data off to googlecharts API or something to regraph it that way?

  • 0

    shuth
    I loaded it up in my environment, but noticed a different issue. All of my numbers appear to be correct, though they are all off by 1 day. (between the table and the chart)

    Orion Platform 2018.4 HF3, SCM 1.1.0, NCM 7.9, NPM 12.4, DPAIM 11.1.1, VMAN 8.4.0, SAM 6.8.0, NetPath 1.1.4

    pastedImage_0.png

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.