wdecatur
Level 9

Re: SEM\LEM not showing all events


That's my understanding as well; sadly, however, that's not what the account manager told my boss when she was on the phone with him. We were looking for something that would hold all our log files and allow us to sort through them to track down a variety of problems. One of our biggest issues is trying to do a root cause analysis when issues occur. I often bring up STP on our network devices as an example because that was one such issue that this system should have helped me resolve. I had installed a new switch and configured it properly, but never checked to make sure it wasn't going to be the root. That new switch became the root and ended up disabling the EtherChannel I had on another, causing the now only 1GB link to overload, bringing the network to its knees on several occasions. Sadly, it took me almost a month to track down, as it was random and by the time I got into the network to figure it out the problem was resolved. When we were originally looking for an application we had considered several different applications, Splunk being one of them. However, considering the price and the idea that LEM would do exactly what we wanted, we chose LEM.

I understand this could potentially crash the system if I gather too many alerts but I'm confident I can do exactly what you do, only send to LEM what I want to gather. I honestly would much rather be in control over this than hard limitations. With that said I did just get an email from support telling me that the connector is finished with instructions on how to install.

But first I need to contact Support to figure out why the VM keeps crashing. Once I get all this done I'll write up something pretty and post here for any future person having the same issue.

mesverrum
Level 20


At the end of the day, those connector tools are just a big list of regex rules that parse the incoming event, decide what type of event it is, and break out all the parts of the message for normalization. I've felt hackish before and exported mine out and imported back in a modified version as a new connector profile, but obviously that kind of thing is unsupported.

Marc Netterfield
https://github.com/Mesverrum/MyPublicWork
wdecatur
Level 9


I wish I had a better understanding of doing just that. This program feels vastly different than the other SolarWinds products I've used.

But on a plus side, I did manage to get my problem resolved, and it was just about what you have done, except I didn't do it. The Dev team over at SolarWinds managed to write me up a new connector, gave me instructions on how to upload it and … with a tech support call managed to get the switches using it. I'm still confused as to how this all works, but what you're saying makes sense: all that connector does is filter out information. This new connector doesn't do any of that, just posts the raw data. With that said, I'm guessing I've increased my events from say 10 a week per switch to around 10k, well below what my system can handle, but we shall see as I start increasing what is sent. That procedure, well, that's an entirely different subject.

For those having the same problem, I wish I could give you a step by step on how to resolve this, but it required getting the connector from SolarWinds.

ecklerwr1
Level 19


I'd be curious to know what you've done like this, mesverrum. Sounds interesting... have you tried to make one from scratch before, or figured out the syntax pretty well now?

Bill

mesverrum
Level 20


I was modifying an existing template as a one-off, but the syntax I was messing with was basically just regex with capture groups. Building the logic wasn't rocket science, but to build one completely from scratch would be a pretty significant amount of work to create all the rules.

Marc Netterfield
https://github.com/Mesverrum/MyPublicWork
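
The "big list of regex rules with capture groups" idea from mesverrum's two posts above, as an added Python sketch that is not part of the thread and is not SolarWinds connector syntax. The rule names, field names and the Cisco IOS-style sample lines are constructed assumptions; the point is that a line no rule matches never becomes an event unless a raw passthrough exists, which is what the replacement connector described by wdecatur provides.

```python
import re

# Hypothetical rules: (event type, regex with named capture groups). These are
# illustrative patterns for Cisco IOS-style text, not SolarWinds connector syntax.
RULES = [
    ("StpRootChange", re.compile(
        r"%SPANTREE-\d-ROOTCHANGE: Root Changed for vlan (?P<vlan>\d+): New Root "
        r"Port is (?P<interface>\S+?)\. New Root Mac Address is (?P<root_mac>[0-9a-f.]+)")),
    ("PortChannelMemberLeft", re.compile(
        r"%EC-\d-UNBUNDLE: Interface (?P<interface>\S+) left the port-channel (?P<bundle>\S+)")),
    ("LinkStateChange", re.compile(
        r"%LINK-\d-UPDOWN: Interface (?P<interface>\S+), changed state to (?P<state>up|down)")),
]
# BSD-syslog-shaped header: <PRI>timestamp host body
HEADER = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) (?P<body>.*)$")

def normalize(line, keep_unmatched=False):
    """Return a normalized event dict, or None if the line is dropped."""
    header = HEADER.match(line)
    if header is None:
        return None
    event = {"host": header["host"], "timestamp": header["ts"],
             "severity": int(header["pri"]) % 8}  # PRI = facility * 8 + severity
    for event_type, pattern in RULES:  # first matching rule wins
        match = pattern.search(header["body"])
        if match:
            event.update(type=event_type, **match.groupdict())
            return event
    if keep_unmatched:  # raw passthrough: nothing parsed out, nothing lost
        event.update(type="Raw", message=header["body"])
        return event
    return None  # no rule matched: the event silently disappears

# Constructed sample lines (hostname, interfaces and MAC are made up).
SAMPLES = [
    "<189>Mar  3 02:14:07 sw-core-01 %SPANTREE-5-ROOTCHANGE: Root Changed for vlan 10: "
    "New Root Port is GigabitEthernet1/0/24. New Root Mac Address is 0011.2233.4455",
    "<189>Mar  3 02:14:08 sw-core-01 %EC-5-UNBUNDLE: Interface Gi1/0/1 left the port-channel Po1",
    "<187>Mar  3 02:14:09 sw-core-01 %LINK-3-UPDOWN: Interface Gi1/0/1, changed state to down",
    "<189>Mar  3 02:20:41 sw-core-01 %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]

def run(keep_unmatched=False):
    """Normalize every sample line and return only the events that survive."""
    events = (normalize(line, keep_unmatched) for line in SAMPLES)
    return [event for event in events if event is not None]

if __name__ == "__main__":
    for mode in (False, True):
        print(mode, [event["type"] for event in run(mode)])
```

Comparing the count of lines received with the count of events produced is a quick way to see how much a rule set is discarding.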