I am currently learning Splunk and found that an app was recently released to display Solarwinds data inside Splunk. I have created a simple dashboard with some pretty generic stats.
Has anyone else had a chance to use this app,and if so what have you done with it?
Hello All,
I currently have an activity to integrate SolarWinds NPM 12.1 to Splunk.
This would be my first time ingesting SolarWinds data to Splunk.
It appears that the SolarWinds admin here doesn't know how to execute the Configuration on the provided documentation at SolarWinds Add-on for Splunk.
I'm also currently playing with the SolarWinds demo just so I can create the exact steps and document it for the SolarWinds admin but unfortunately I'm totally lost
Can someone direct me or give me a high-level steps for this?
Thank you in advance!
I'm having an issue configuring CLI polling for the Nexus Leaf and Spine switches in our ACI fabric.
Using exactly the same username and password, CLI Polling test fails with "Test Failed. Connection Refused by <IP>", but both Putty and NCM connection test works perfectly?
Has anyone come across this issue, or have any suggestions on how to debug this one?
Do we have general steps how to backup the Database? I know this might be outside, but any help will do?
I have a powershell script which I am triggering on an alert which I want to run against the remote system from which the alert was generated. From other articles on here I believe I have the syntax correct, and the alert says the script ran, but clearly it hasn't done what it's meant to. Where do I find the SolarWinds log file which should contain the script execution to see if it has correctly passed the node name for the script? I am passing.. C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Invoke-Command -ComputerName ${N=SwisEntity;M=Node.SysName} "C:\Utils\Scripts\C-Cleanup-Script.ps1" I have also updated the Orion Module Engine service to run as a domain account with the correct permissions to the remote machine.
Just looking to see if it is feasible to Monitor "Admission Control Limit" on Riverbed using Solarwinds Application?
Hi,
Im facing some connectivity issue with Solarwinds DB, up on checking logs and events on Orion server. I found below Error
What could be the issue and how to fix this.
we are using NPM 12.4 and NCM 7.9
DCOM was unable to communicate with the computer xx.xx.xx.xx using any of the configured protocols; requested by PID 2c54 (C:\Program Files (x86)\Common Files\SolarWinds\JobEngine.v2\SWJobEngineWorker2x64.exe).
Thanks
Prashanth.GE
We recently patched our Linux servers and afterwards Solarwinds NPM reports memory on only the RedHat 7 servers as negative numbers. I tried upgrading to the latest NPM/SAM(12.5/6.9) version, but this did not help. I'm reaching out to OS support as well, but also wanted to get suggestions from the SW community. Has anyone seen this before? It only appears to affect RHEL 7 memory, all CPU/response time/disk/etc appear to be accurate.
I have a SQL query that checks our store subnets for less than 128 IP addresses (we had an issue last week where some data mysteriously disappeared from IPAM awhile ago, and we just now realized it. so we would like to know immediately if this data goes missing again). I have it running as a report, but i would like to set it up as an alert instead. Here is the query:
SELECT COUNT(DISTINCT n.IPAddress) AS [Count],
g.FriendlyName as StoreNumber
FROM IPAM_Node n
JOIN [dbo].[IPAM_Group] g
ON n.SubnetId = g.GroupId
WHERE g.CIDR = 25
GROUP BY g.FriendlyName,
g.CIDR
HAVING COUNT(DISTINCT n.IPAddress) < 128;
Now i'm having trouble with setting it up as a new alert:
what should i use from the dropdown to make this validate?
I'm trying to add ASA5506 firewall to NPM and it keeps failing. The snmp configuration looks good on the firewall because the same config is working great for a different firewall, which is a different model from the one failing the snmp test. Anyone had this issue before and assist?
**REQUIRES ORION PLATFORM 2018.2 OR ABOVE**
I had assembled this based on a much older SQL report, and then updated it to SWQL, then added some more intelligence to it so you can filter it based on the duration of the outage, search by the device names, and it has a method of letting you know when nodes have been down so long they aged out of the events table.
Based on popular requests I figured it was time to put it out here to make it easier for the Thwackers to find and use. This is intended to be used inside the Custom Query Resource
select n.caption as [Device]
-- shows the current status icon
, '/Orion/images/StatusIcons/Small-' + n.StatusIcon AS [_IconFor_Device]
-- makes a clickable link to the node details
, n.DetailsUrl as [_linkfor_Device]
-- shows the timestamp of the down event, if there is no timestamp then is says the event was greater than the number of days in your event retention settings
, isnull(tostring(t2.[Down Event]),concat('Greater than ',(SELECT CurrentValue FROM Orion.Settings where settingid='SWNetPerfMon-Settings-Retain Events'),' days ago')) as [Down Event]
-- shows the timestamp of the up event, unless the object is still down
, isnull(tostring(t2.[Up Event]),'Still Down') as [Up Event]
-- figures out the minutes between the down and up events, if the object is still down it counts from the down event to now, displays 99999 if we cannot accurately determine the original downtime, and
, isnull(MINUTEDIFF(t2.[Down Event], isnull(t2.[Up Event],GETUTCDATE())),99999) as Minutes
from orion.nodes n
left join (SELECT
-- Device nodeid used for our join
StartTime.Nodes.NodeID
-- Down Event time stamp in local time zone
,ToLocal(StartTime.EventTime) AS [Down Event]
-- Up Event time stamp in local time zone
,(SELECT TOP 1
ToLocal(EventTime) AS [EventTime]
FROM Orion.Events AS [EndTime]
-- picks the first up event that is newer than the down event for this node
WHERE EndTime.EventTime >= StartTime.EventTime
-- EventType 5 is a node up
AND EndTime.EventType = 5
AND EndTime.NetObjectID = StartTime.NetObjectID
AND EventTime IS NOT NULL
ORDER BY EndTime.EventTime
) AS [Up Event]
-- This is the table we are querying
FROM Orion.Events StartTime
-- EventType 1 is a node down
WHERE StartTime.EventType = 1
) t2 on n.NodeID = t2.nodeid
-- this is how I catch nodes that are down but have aged out of the events table
where (n.status = 2 or t2.nodeid is not null)
-- If you want to filter the results to only show outages of a minimum duration uncomment the below line
--and MINUTEDIFF(isnull(t2.[Down Event],(GETUTCDATE()-30)), isnull(t2.[Up Event],GETUTCDATE())) > 60
-- if you want to use this query in a search box of the Custom Query resource uncomment the below line
--and n.Caption like '%${SEARCH_STRING}%'
order by t2.[down event] desc
Loop1 Systems: SolarWinds Training and Professional Services
Hi All,
I created this a couple years back on an older version on solarwinds. I have moved it to a new environment on latest version of solarwinds. The StatusLED is showing as Down.gif not the Icon LED. What am I missing? Also the link on the node is not work either (take you details page of node). Any help greatly appreciated.
select distinct NodeID, Caption AS NodeName, StatusLED, Criticality, Support_Group, 'http://solarwinds..com/Orion/NetPerfMon/NodeDetails.aspx?NetObject=N:'+CAST(n.NodeID as varchar(256)) as 'DetailsURL',
convert(varchar(10), ( DATEDIFF(SECOND,MaxTriggeredDate,GETUTCDATE())/86400)) + 'd ' +
convert(varchar(10), (( DATEDIFF(SECOND,MaxTriggeredDate,GETUTCDATE()+1)%86400)/3600)) + 'h '+
convert(varchar(10), ((( DATEDIFF(SECOND,MaxTriggeredDate,GETUTCDATE()+1)%86400)%3600)/60)) + 'm ' as 'Active_time'
from [dbo].[Nodes] n
left join (select RelatedNodeId, MaxTriggeredDate=max(LastTriggeredDateTime) from AlertObjects
--where AlertID in ('43','49','109','92','410','269','223','271')
group by RelatedNodeId) ao on n.NodeID=ao.RelatedNodeId
where STATUS= '2'
or STATUS='2'
and comments is null
order by Criticality ASC
Is this a graph of "does this node ping" or is it something more specific?
Is there a way for Orion to check a feed and send an alert if something comes up in the feed? We are looking to have a single pane of glass for monitoring, and have an AWS feed that we want to trigger alerts from.
We migrated our Solarwinds instance from Server 2012 to Server 2019 and upgraded all modules to version 2019.4 on Monday, but now, for some reason, all nodes are showing that SNMP polling has failed and nodes that can be successfully pinged from the Orion server show to be down. Any thoughts or tips? I can't seem to figure it out.
I've just started using NPM 12.5 and I've noticed that Syslog Viewer on the server is no longer available the way it was on the server.
How do I now forward a syslog message in an email? I can set an alert to trigger on a particular syslog but I can't see how to include the actual syslog in that email. Can anyone point me in the right direction?
I also don't seem to have the export button. I am an admin, does anyone know how to make it appear?
Thanks!
We struggle to see the point of displaying this information and its basically wasting space on our dashboards that could be served by more meaningful infomratio, however, as wehave to monitor these interfaces to receive netlfow from some of our L3 devices, this information is just shown.
Is there a way to exclude vlan stats, or another way to still capture the netflow info without seeing vlan info?
Hi guys,
When creating a Custom Tile resource, there's an option to filter out the results displayed. What I am trying to do is display a Custom Tile for specific Volumes and the filter should be for specific Nodes based on their custom property.
I haven't been successfull at creating this filter so far. What I do know so far is that the filter would have to be applied to the Advanced SQL filter section of the Custom Tile.
Any help/pointers would be greatly appreciated.
TIA
Hi
So I am trying to customise the 'Neighbour is down' alert with a view to split it into two alerts, one which executes an external program (for critical nodes) and one which just sends an email.
I have created a custom property for nodes called 'PhoneAlert' which is Yes/No field, i.e. the Critical nodes will be 'Yes' for PhoneAlert.
I then copied the Neighbour is down alert and kept the Primary Selection as the default, which is an OR match but I added a second section which is an AND match to ensure only nodes with their PhoneAlert custom property set to Yes would trigger this alert.
The problem is, it also triggered for two nodes which had their PhoneAlert property set to No.
Am I misunderstanding this?
Thanks
