• State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 25 subscribers
  • Views 1046 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Filtering NCM reports for specific nodes

mr.e

I am new to NCM and am already a bit confused about its reporting capabilities. For example, I tried to get a report about Policy Violations, but wanted to limit the report to only specific nodes, I noticed that I am not able to setup filters for the nodes (or groups of nodes) to be included in the NCM reports.  We have over 3,000 nodes, so getting reports for all our nodes is very impractical.  Am I missing something here concerning node (or group) filtering in NCM?  If so, I would very much appreciate some guidance.  Thanks! emoticons_cool.png

  • 0

    First off, the policy violations section is quite different than the report writer.  Not going to get into specifics here, but it might be something you want to look into closer.

    Compliance reports are comprised of three things.  At the bottom level you have a series of rules, which are the individual components in a report.    These are the building blocks upon which you build the entire report, usually best to keep them to checking a single component.   

    Above that you have "Policies", and this is the important part for you.  Policies are comprised of any number of rules.   You can re-use the same rule in multiple policies.   If you edit a policy you will notice that it allows you to select nodes in the report.  You have an "all nodes" selection which includes every node you have.  There is also a "Select nodes" where you can select individual nodes to use.  The one you will probably use the most though is the "Dynamic Selection".  Here you can choose nodes by whatever criteria is best for you.

    Above the "Policies" you have the reports.  Quite simply, Reports are comprised of a number of policies and roll them into one nice report...

    So, in order to "filter" the nodes, either edit the existing policies from the reports you are looking at and put in the limitations you want, or create your own policies/reports with the rules you want and go that route.

  • 0 in reply to cnorborg

    First of all, many thanks for your reply on this matter. Also, I don't know about other NCM admins, but this seems like a backwards way to set filters.  That is, I'd have to setup a Policy for every single one of my 350 offices (and over 4,000 nodes), in order for me to be able to filter on a per office basis. And, that's just for one policy type.  This could easily result in thousands of policies, unless I am missing something.

    Also, I guess I was not clear enough, since I meant to use the Policy Violations report just as an example. Anyway, a much better way would be for NCM to allow filtering any of its reports adhoc.  That is, I should be able to be as specific as I want in the filters for any of my NCM reports.  For example, what if I want to have an NCM report that shows nodes in the 11th floor for a specific office (or for just two offices in the East region)?  Hopefully, this gives you a better understanding of what I mean. 

    Again, unless I am missing something, it seems like NCM was meant to be used for a very small office.  I so wish to be proven wrong, since I really like NCM for its user-friendly interface. 

  • 0 in reply to mr.e

    I seem to be a bit tongue-tied today (or finger-tied???).  When I mentioned the NCM report for the nodes in the 11th floor... I meant for information only available via NCM (i.e. any of the inventory reports).

    Suffice to say that I want NCM to allow me to be as specific as I want in the filters I setup for any of its reports.  That is what we have currently with a competing product we own, which we were considering to replace with NCM.  I can run quick basic or advanced search for configuration and/or diagnostics for any of the nodes managed by this competing application.  So, in order to make it worth for us to switch to NCM, it needs to be able to let me tweak those very specific filters easily.  Otherwise, switching to NCM may be just a pipe dream for us.

    Again, many thanks!

  • 0 in reply to mr.e

    Well, remember I said that Policy Violations is very different from reporting.     So now I need to say that what I'm discussing right now is NCM 7.3, the new NCM 7.4 which is in Release Candidate stage has move to a new reporting engine that should have much better integration to the rest of the reporting in NPM.   But, for now the "Reporting" is in "Config" / "Reports", and Compliance or Policy Violations are in "Configs" / "Compliance".

    The current "reporting" you can do some basic filtering.   If you go into reports for instance, and "Node Details" then "All Nodes", this will at first bring up a listing of all nodes.   In the upper right-hand corner of that report is a couple boxes, one is a dropdown that on mine is by default set to "NodeGroup", the other is a text box that says "Search all rows".   If you click the dropdown you can see that you have a few other choices than "NodeGroup" to search by, lets set it to "IP Address" and then put in the 2 or 3 octets of one of your subnets, and then hit the magnifying glass next to it.  There you go, filtering within this report.   The fields you can filter by are based on the report that you are in, they're not always the same.   The new version 7.4 I'm guessing will be drastically different though.

    Compliance reports, where you get Policy Violations, are made to work with massive #'s of nodes at the same time.   These reports are to make sure that your devices are in compliance with your security and configuration policies.  Generally, these policies are consistent across your entire organization, ie: you won't have different policies for site 1 than site 350.   We have a couple different divisions that have some different policies from each-other, but there are many rules that stretch across our entire network.

    So yes, you are definitely missing something.  NCM is definitely NOT made for smaller offices, it was made for very large organizations.   I am sure that smaller organizations can gain some benefit from it also.  Using it I have been able to bring the close to 6000 devices in our network from being set up differently on a site-by-site basis, to instead having consistency in our configurations and helping to find anomalies that would have otherwise been buried in the massive number of configurations we have.

    I'm guessing you just need to work with it for a bit, maybe customize some things.  Might even look into the new 7.4 RC which sounds like it might have some features you want.

  • 0 in reply to cnorborg

    I called SW support and spent over 1 hour w/the technician.  Sadly, he was unable to show me how I could setup the filters in the NCM reports.  He concluded by telling me that he'll ask the developers but that it seems what I'm asking for is not doable.  So, if I am missing something, maybe he was missing it as well.   emoticons_cry.png

  • 0

    mr.e

    I had recently found, and been working on a similar project to what you are asking for.

    Little Help with SQL Query - NCM Report

    Compliance Report, Summarize & Count Multiple Violations Per Device

    I had found the following code, listed below, in the first link above, and adjusted it to work for what I needed it for.

    Perhaps, with a few minor adjustments, that meet your environment's settings, this SQL query will get you what you need.

    The adjustments I have made for this query should reflect our current versions of our Orion environment:
    "Orion Platform 2015.1.0, SAM 6.2.0, QoE 2.0, NCM 7.3.2, NPM 11.5, IVIM 2.0.0"

    There are 3 lines commented out, in the example below.

    Since you had mentioned, in one of you examples, you wanted to filter/look at only the nodes that were on a specific floor, at a specific location/office, I presumed you would have custom properties assigned to each node to distinguish each.

    SELECT  
    

    TOP 100 [SWNPMDB].[dbo].[NodesData].[Caption], [SWNPMDB].[dbo].[NCM_PolicyCacheResults].[ReportName], [SWNPMDB].[dbo].[NCM_PolicyCacheResults].[RuleName],  
    

    SUM(CASE errorLevel WHEN 0 THEN 1 ELSE 0 END) AS Info,  
    

    SUM(CASE errorLevel WHEN 1 THEN 1 ELSE 0 END) AS Warnings,  
    

    SUM(CASE errorLevel WHEN 2 THEN 1 ELSE 0 END) AS Critical  
    

      
    

    FROM  
    

    [SWNPMDB].[dbo].[NCM_PolicyCacheResults]
    

      INNER JOIN [SWNPMDB].[dbo].[NCM_ConfigArchive]
    

      ON [SWNPMDB].[dbo].[NCM_PolicyCacheResults].[ConfigID] = [SWNPMDB].[dbo].[NCM_ConfigArchive].[ConfigID]
    

      INNER JOIN [SWNPMDB].[dbo].[NCM_NodeProperties]
    

      ON [SWNPMDB].[dbo].[NCM_NodeProperties].[NodeID] = [SWNPMDB].[dbo].[NCM_PolicyCacheResults].[NodeID]
    

      INNER JOIN [SWNPMDB].[dbo].[NodesData]
    

      ON [SWNPMDB].[dbo].[NodesData].[NodeID] = [SWNPMDB].[dbo].[NCM_NodeProperties].[CoreNodeID]
    

      INNER JOIN [SWNPMDB].[dbo].[NodesCustomProperties]
    

      ON [SWNPMDB].[dbo].[NodesData].[NodeID] = [SWNPMDB].[dbo].[NodesCustomProperties].[NodeID]
    

      
    

    WHERE[SWNPMDB].[dbo].[NCM_PolicyCacheResults].[IsViolation] = 1
    

    --AND ([SWNPMDB].[dbo].[NCM_PolicyCacheResults].[ReportName] = 'Occam_Profiles_STANDARD_And_BASIC') -- CHANGE THIS TO MATCH THE REPORT NAME YOU WANT TO LOOK AT, OR, LEAVE IT COMMENTED OUT TO LOOK AT ALL REPORTS
    

    --AND ([SWNPMDB].[dbo].[NodesCustomProperties].[Office] = 'Custom_Office_Value_Here') -- CHANGE THIS TO MATCH THE CUSTOM PROPERTY NAME YOU WANT TO LOOK AT, "Office" in this example
    

    --AND ([SWNPMDB].[dbo].[NodesCustomProperties].[Office_Floor] = 'Custom_Office_Floor_Value_Here') -- CHANGE THIS TO MATCH THE CUSTOM PROPERTY NAME YOU WANT TO LOOK AT, "Office_Floor" in this example
    

      
    

    GROUP BY [SWNPMDB].[dbo].[NCM_PolicyCacheResults].[ReportName], [SWNPMDB].[dbo].[NCM_PolicyCacheResults].[RuleName], [SWNPMDB].[dbo].[NCM_PolicyCacheResults].[ReportID], [SWNPMDB].[dbo].[NodesData].[Caption]  
    

    ORDER BY [SWNPMDB].[dbo].[NCM_PolicyCacheResults].[RuleName]

    There are probably several extra lines you would not need, however, hopefully it will help you with what you need.

    Please let me know whether it helps or not.

    Thank you,

    -Will

  • 0

    mr.e

    Were you able to accomplish your goals/tasks?

  • 0

    mr.e

    Did you ever get the results you were needing?

    -Will

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.