need better SDT support for website checks
At this time, you can schedule SDT for website checks from one or more (or all) locations, but you cannot specify which test is in downtime (as you can for a resource datapoint). As a result, if I want to pause SSL expiration warnings, I must also pause ALL checks against the site, which is far from ideal. Please fix SDT for website checks to allow selection of all alertable criteria.

implement better data serialization for active discovery results
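The separator collision motivating this request can be illustrated with a small, hypothetical sketch. The record layout below is an assumption for illustration only, not LM's actual active-discovery wire format: a '#'-delimited record breaks when the data itself contains '#', while JSON round-trips the same description losslessly.

```python
# Hypothetical illustration (not LM's actual format): '#' as a field
# separator collides with '#' inside an interface description, while JSON
# preserves it.
import json

wildvalue = "3"
wildalias = "GigabitEthernet0/3"
description = "#uplink to core"  # leading '#' = "exclude from alerting" convention

# '#'-delimited record: the separator also appears inside the data.
record = "#".join([wildvalue, wildalias, description])
fields = record.split("#")
assert len(fields) != 3           # the record no longer parses into 3 fields
assert description not in fields  # the description has been mangled

# JSON keeps the '#' intact:
json_record = json.dumps({"wildvalue": wildvalue, "wildalias": wildalias,
                          "description": description})
assert json.loads(json_record)["description"] == description
```

Any real serialization format with proper escaping (JSON, CSV with quoting, etc.) avoids the problem; the point is that an unescaped single-character separator cannot.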
A few months ago, after being told that SNMP_Network_Interfaces was the new preferred method for network interface data collection (despite it excluding SVI interfaces and using oddly backward naming for the property that includes all interfaces -- interface.filtering = true), we moved ahead with implementation. We found soon after that the module was corrupting interface descriptions, and a ticket raised with support resulted in the “too bad, sucks to be you” sort of response I often receive. The corruption involves stripping all hash signs from interface descriptions. This may sound harmless, but for years we have told our clients to prepend a # to an interface description to exclude it from alerting, which our automation detects and handles. This happens because the folks who came up with LM thought it would be a cool idea to use # as a field separator, and this was embraced and extended by later developers. We recommended a solution (which was rejected): specify a transform string so the # becomes something else known that we can match, without breaking monitoring for thousands of interfaces. My request here is to work out a method to transition from the current field separator mechanism to an actual data serialization format like JSON.

Monitoring of VMware NSX Advanced Load Balancer (aka AVI Vantage)
With the recent introduction of the datasources for NSX-T, it would also be nice to be able to monitor the NSX Advanced Load Balancer product from VMware. Things like monitoring when virtual services go down, or when a controller or service engine is unhealthy. We'd also like to know when a controller backup fails. If this is something that's already in development, we'd love to help test it out.

Can we get the ability to better control alert rules (not limited to cloning)?
The ability to clone an alert rule would be fantastic, but being able to create an escalation chain from within an alert rule, so you don’t have to go back and forth, would be even better. I can’t tell you how many times I’ve created a rule, gotten down to the bottom, and realized I forgot to make the chain first. It’s incredibly annoying (though I do know I can just save, create the chain, and come back and edit, but I’d like to be able to do it all in one popup).

LM Logs parser conditional formatting operator
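The colorize operator proposed in this post could behave roughly like the following client-side sketch. Everything here is an illustrative assumption (the ANSI codes, the rule structure, the sample log line), not an existing LM Logs feature:

```python
import re

# Illustrative sketch only: emulate the proposed `colorize` operator by
# post-processing parsed rows with ANSI background colors. First matching
# rule wins; unmatched rows (e.g. DEBUG) keep the default color.
ANSI = {"orange": "\033[48;5;208m", "green": "\033[42m", "reset": "\033[0m"}
RULES = [
    (lambda sev: sev == "ERROR", "orange"),                           # colorize Severity == "ERROR" as orange
    (lambda sev: bool(re.fullmatch(r"SUMMARY|INFO", sev)), "green"),  # colorize Severity ~ /SUMMARY|INFO/ as green
]

def colorize(severity: str, msg: str) -> str:
    for matches, color in RULES:
        if matches(severity):
            return f"{ANSI[color]}{msg}{ANSI['reset']}"
    return msg  # default color, like the DEBUG rows

# Parse a sample line the way the post's query does, then colorize it.
line = "pd_ticket.py ERROR: ticket creation failed"
m = re.match(r"(.*) (SUMMARY|ERROR|INFO|DEBUG): (.*)", line)
script, severity, msg = m.groups()
print(colorize(severity, msg))  # wrapped in the "orange" background code
```

A table widget would apply the wrapping per row rather than per message, but the rule-matching logic is the same shape.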
Submitted to LM Feedback under the title “LM Logs parser colorization based on criteria”

As an engineer trying to see how certain logs relate to other logs, it would be helpful if I could highlight specific logs in context with other logs by using an advanced search operator to colorize logs that meet a certain criterion. For example, I run this query often:

"PagerDuty Ticket Creation" | parse /(.*) (SUMMARY|ERROR|INFO|DEBUG): (.*)/ as Script, Severity, Msg

One of the fields I parse is Severity, which as you can see can have values of SUMMARY, ERROR, INFO, or DEBUG. It would be nice if I could add an operator to the query that would let me colorize rows based on the value of the parsed Severity column (Severity just in this case; for the general case, any expression on any column). For example, I'd like to run the query:

"PagerDuty Ticket Creation" | parse /(.*) (SUMMARY|ERROR|INFO|DEBUG): (.*)/ as Script, Severity, Msg | colorize Severity == "ERROR" as orange | colorize Severity ~ /SUMMARY|INFO/ as green

The result would be that rows in the table with a value of "ERROR" would have a background color of (muted) orange, and rows with a value of "SUMMARY" or "INFO" would be colored green. Since the DEBUG logs don't match any colorization operator, they would keep the default color of white. It might be handy if one *or* two colors could be passed, allowing me to change the color of the text and the background, or just the background. It would be OK if I could only choose from a set list of colors, but it would be great if I could specify an RGBA color.

VMware Host Network Interface Status
I'd like to request the ability to monitor whether a vmnic on an ESXi host is up or down, while excluding NICs that are always down. I.e., if vmnic4 was up and serving traffic, and then all of a sudden someone unplugged the cable, I want to be able to get an alarm on this. Also, metric thresholds for Rx & Tx will not work, because sometimes traffic drops to 0 while the link is still in a valid state.

LM Dashboards filter by property
LogicMonitor dashboards are powerful, especially with tokens. One huge/valuable addition (especially for a Managed Service Provider) would be a token to filter for a specific instance group, e.g. a token for #defaultinstancegroup#. You can go into an instance today and clone a graph, and it will show it is set up for the instance group, but you can't edit that or use it across a dashboard or create a widget by instance group. Similarly, it would be great to have a token that could filter a dashboard by property, e.g. default resource pool.

ArubaOS-CX ConfigSource needed
I hoped that since ArubaOS-CX is similar to HPE Procurve, I could just use the existing ConfigSource, but it times out in discovery. I am generally willing to jump in and code solutions, but the current from-scratch monolithic coding methodology used for ConfigSources makes that effectively impossible for regular folks, so... please add a new ArubaOS-CX module or extend HPE Procurve to support that flavor. I have a pair of 8320s not yet in production that I am able to get developers into.

Azure monitoring for reserved instances
LM does a great job of collecting billable information for hourly resources via the API; however, it misses reservations. It would be great to have billing dashboards that fully define all billable items in Azure and allow for historical and forecasting capabilities.

Complex Groovy DataPoint access to Script/Batchscript output
I need access to Script/Batchscript output in a Complex Groovy DataPoint. This is a rather fundamental omission. It should be trivial to permit the output["datapoint"] approach supported for other collection types. Make it so!

Please add Firepower Device Manager support
Reviewing the modules available, I see SNMP and FMC API support, but there is a REST API for FDM (the local-management version of FMC) and it does not appear to be supported (to be fair, I have not tried pretending it is, as all the modules specifically mention CiscoFMC and nothing about FDM). Missing FDM support restricts visibility into some areas, such as environmental monitoring. Please review and update the modules to allow the FDM REST API to work. Hopefully it is not a significant change to the existing CiscoFMC modules. While I am at it, it is worth pointing out that setting up SNMP for the FTD is especially challenging, and it would be helpful to users for LM to document the process. If anyone from the docs team wants input, please have them contact me.

Memory Count just for active VMs
Hello, I count the overall memory for all of our VMs. Now I am trying to find out how to configure the monitoring to count only the memory of VMs that are in powered-on status. I saw the datapoints MemoryConsumed, MemoryGranted and MemoryActive. What is the difference between these datapoints, and is one of them the right one for counting RAM only for active VMs (VMs which are not powered off)? Looking forward to your feedback. Enrico

modernize WebSSH client
One of our customers could not connect via the WebSSH client to a newly set up switch using modern SSH algorithms. I personally only rarely use that feature, but I tested it and traced the issue to:

%SSH-3-NO_MATCH: No matching kex algorithm found: client diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 server ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256

I added diffie-hellman-group14-sha1 to the switch KEX list, but would prefer to keep only modern algorithms active. Any chance we can get that client updated to negotiate newer algorithms? Security teams are more and more strict about what is allowed to operate within enterprise networks (for good reason). Thanks, Mark

Additional Checkpoint locations
Would LM consider adding more Checkpoint locations in the UK or Europe, please? As a UK customer, we get poor response times from Sydney and Singapore, and the US locations are also not ideal. Could we also have a feature to add our own LM Collectors as checkpoint locations too, please?

Automation
As a CSM, I’m often told by customers that they are tasked with automation - but when I dig deeper, often the company doesn’t know what that means - they just want to take things off the plates of their teams. Have you been tasked with automation? What kind are you looking for? If you have put automation in place, please let me know what it does and how successful it is for you. Thank you.

Aruba Central monitoring
Because of COVID-19, the University tried to reduce density in residence halls by leasing about 75 apartments in nearby complexes. Each apartment is an island with its own ISP service; the decision was made to deploy WiFi access points in each apartment, supported by Aruba Central. None of the Aruba Central visibility can be brought back to the on-campus controllers that support WiFi across all campus locations. Can you please consider developing some datasources that exploit the Aruba Central API?

Scan Aruba Central AP Swarms from the Virtual Controller to discover the remaining APs in a swarm to monitor them
We use Aruba IAPs in Aruba Central, where our APs use DHCP to obtain addresses. The only static IP used is the Virtual Controller IP, used for RADIUS authentication, but the Virtual Controller has knowledge of all APs in the swarm and could be used to discover and monitor the whole swarm even if the APs were to reboot and change IPs. Could LM look into using this data for AP discovery and monitoring, or build an integration capability with Aruba Central directly to read the device list and get the IPs it needs to monitor them?

Parse syslog facility and priority
Syslog that adheres to the standard format that has been around for decades prefixes the message with a number between greater-than and less-than symbols, for example <164>. That value is the result of combining two different numbers: facility and priority. We can decode this facility and priority number pretty easily. Let’s take 164 for example: 164 in binary is “1010 0100”. The facility is extracted by taking the first 5 digits of 164 in binary, “10100”, and converting to decimal: 20. Looking that up in the standard table, we can see that 20 corresponds to a facility of local4. The priority is extracted by taking the last 3 digits of 164 in binary, “100”, and converting to decimal: 4. Looking that up in the standard table, we can see that 4 corresponds to a priority of Warning. LM Logs has the ability to extract this number from the log message; all you do is pipe the search query into the parse operator. This puts the number into its own column, in this case called severity. What I’d like to do is:

1. Take the value in the severity column and convert it to binary, then take the first 5 digits, convert them to decimal, and show that as a separate field on the log.
2. Take the value in the severity column and convert it to binary, then take the last 3 digits, convert them to decimal, and show that as a separate field on the log.

I’d love the ability to embed the mapping found in the standard table so that instead of displaying the number it displayed the name of the facility and priority. Since pretty much all syslog follows this format and uses the standard table, it might be worth it for LM to build this kind of capability into LM Logs if it doesn’t exist today. All customers who stream syslog into LM Logs would benefit from having the facility and priority parsed out into human-readable words.
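The decoding described above boils down to a bit shift and a mask, since the PRI value is facility * 8 + priority. A minimal sketch, with only the two table entries from the example filled in:

```python
# Decode a syslog PRI value: facility is the high bits (pri >> 3),
# priority is the low 3 bits (pri & 0b111).
FACILITIES = {20: "local4"}   # excerpt of the standard facility table
PRIORITIES = {4: "warning"}   # excerpt of the standard priority table

def decode_pri(pri: int):
    facility = pri >> 3       # e.g. 164 = 0b10100100 -> 0b10100 -> 20
    priority = pri & 0b111    # e.g. 164 -> 0b100 -> 4
    return (FACILITIES.get(facility, str(facility)),
            PRIORITIES.get(priority, str(priority)))

print(decode_pri(164))  # ('local4', 'warning')
```

With the full standard tables loaded, this is exactly what the proposed parse_facility/parse_priority operators would return.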
What I’m thinking is a couple of new operators in the query language:

- dec_to_bin(x) - converts a decimal number (x) to binary
- bin_to_dec(x) - converts a binary number (x) to decimal
- left(myStr, x) - grabs a specified number of characters (x) from the left part of a string (myStr)
- right(myStr, x) - grabs a specified number of characters (x) from the right part of a string (myStr)
- mid(myStr, x, y) - grabs a specified number of characters (y) from a string (myStr) starting at a certain character index (x)
- str(x) - converts an object (x) into a string so that it can be used as an argument in the left, right, and mid functions
- lookup(x, myDictionary) - looks up a value (x) in the keys of a dictionary (myDictionary) and returns the value of the dictionary entry

Alternatively, or in addition:

- parse_facility(msg) - extracts the facility and returns the human-readable facility name (basically doing in one step what I’d do manually with the functions above)
- parse_priority(msg) - extracts the priority and returns the human-readable priority name (basically doing in one step what I’d do manually with the functions above)

eBPF monitoring support for Linux hosts
I have seen this in some other enterprise solutions, and it’s a popular choice when we don’t want ‘APM’-level metrics but are interested in HTTP metrics such as requests/sec, errors/sec, etc. Red Hat has a decent article on this: Monitoring eBPF-based metrics (redhat.com). Some blogs focussed on HTTP metrics: eBPF enhanced HTTP observability — L7 metrics and tracing | by Apache SkyWalking | Jan, 2023 | Medium. I am starting to see DevOps teams request this sort of monitoring, especially for third-party software where instrumentation for APM is not possible or not preferred by the vendor. We recently had a requirement similar to this for an enterprise product, and LM can only poll HTTP and record results; it cannot track incoming requests to the server. I’d quite like to see this supported - DataDog already supports it, and I can see it being quite important going forward.

AWS Health Event and AWS Service Health EventSources require enhancements
Hi Community/LM Folks, I am aware that I am not the only one expecting significant improvements to these two EventSources: AWS Health Event and AWS Service Health.

1 - AWS Health Events - Since this EventSource lacks the ability to filter events, we are unable to personalize or filter event logs for a specific issue or region.
2 - AWS Service Health - I've observed that this EventSource does not provide as much information as what is displayed on the RSS feed page. We can filter the event, but there are not many options.

I truly believe that these two EventSources deserve huge upgrades, and the majority of LM users are wishing for the same. Thank You :)

Port WMI to Linux collectors
Many of the WMI property sources could easily be done with wmic on Linux. Look at the MSSQL property source: it simply looks for the SQL instances etc. with WMI, and this can easily be done on Linux, reducing the need for a Windows-based collector. I have included sample Groovy code, and a statically compiled wmic (to make life easier to test) can be found here: https://assets.nagios.com/downloads/nagiosxi/agents/wmic_1.3.16_static_64bit.tar.gz. If needed, I can jump on a session with your team and show it working on our Linux collectors. My thought would be to have the WMI class check what the underlying OS is on the collector to determine which method to use.

def queryAll(host, query) {
    def map = []
    def wmi_user = hostProps.get("wmi.user")
    def wmi_pass = hostProps.get("wmi.pass")
    def wmi_domain = hostProps.get("wmi.domain")
    def command = ["/usr/local/bin/wmic", "-U", "${wmi_domain}/${wmi_user}%${wmi_pass}", "//${host}", "${query}"].execute().text.split("\n")
    command.each {
        if (!it.contains("CLASS:")) {
            def mappings = it.tokenize("|")
            def key = mappings.get(0)
            def value = mappings.get(1)
            map << ["DISPLAYNAME": key, "NAME": value]
        }
    }
    return map
}

Ideas for tracking LM website docs changes?
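One lightweight answer to the docs-tracking question in this post, short of a full crawler committed to version control, is to cache each watched page's text and print a unified diff when it changes. A sketch using only Python's standard library; the URL and cache path in the usage comment are placeholders:

```python
# Sketch: keep the last-seen text of a single docs page on disk and show a
# unified diff when it changes. No crawler, no Git -- just difflib.
import difflib
import pathlib
import urllib.request

def diff_text(old: str, new: str) -> list[str]:
    """Return unified-diff lines between two page snapshots."""
    return list(difflib.unified_diff(old.splitlines(), new.splitlines(),
                                     "previous", "current", lineterm=""))

def check_page(url: str, cache: pathlib.Path) -> list[str]:
    """Fetch the page, diff against the cached copy, update the cache."""
    new = urllib.request.urlopen(url).read().decode("utf-8", "replace")
    old = cache.read_text() if cache.exists() else ""
    cache.write_text(new)
    return diff_text(old, new)

# Illustrative usage (placeholder URL and path):
# changes = check_page("https://www.logicmonitor.com/support/...",
#                      pathlib.Path("tokens-page.cache"))
# print("\n".join(changes) or "no change since last check")
```

Diffing raw HTML is noisy; piping the fetched page through an HTML-to-text step first would give a cleaner diff, at the cost of an extra dependency.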
Hi gang! I’ve raised this issue with our CSM, but I want to raise the topic here for conversation; there might be a technical solution I’m not imagining. When LogicMonitor updates their own support documents on their website, there’s no way to see what exactly has changed - unless the page content explicitly includes such details. Case in point: “Tokens Available in LogicModule Alert Messages” https://www.logicmonitor.com/support/logicmodules/about-logicmodules/tokens-available-in-datasource-alert-messages reads “Last updated on 13 January, 2023”. OK, great - but what changed? (We make extensive use of alert tokens in custom JSON payloads in our LM integrations which send to PagerDuty. If there are changes to the alert tokens in a way which would affect how PagerDuty ingests and/or routes the alerts - and I didn’t know about it to make adjustments - that would really stink, and that’s putting it mildly.) Disregarding that specific page, though: do people have any ideas on how to track LM website changes in a way that would expose the specific changes? I don’t want to resort to ConfigSource monitoring of LogicMonitor’s own website, nor do I want to write a web crawler that downloads the entire site and commits it to version control like GitHub - but I’m tempted, which is sad.

Enable retrieval of device list by system group in the LM Ansible lm_info module
Need to be able to get devices for a particular group in LM using the Ansible lm_info module. Seems a reasonable expectation. Example:

- name: Get devices using full_path
  lm_info:
    target: device
    company: batman
    access_id: '{{ lm_user }}'
    access_key: '{{ lm_key }}'
    full_path: "{{ fpath }}"
  register: output

If fpath is "batman/servers/linux/mexico" then all devices in that group are returned, e.g.: mex_linux_01, popo_linux_33, tjna_linux_12

API - Device Data Aggregation
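The roll-up requested in this post can be sketched client-side. The parameter names (aggregation, roll_up_window) mirror the proposal and are not existing LM API parameters; the sketch just shows the intended bucketing semantics:

```python
# Client-side sketch of the proposed roll-up: bucket raw (timestamp, value)
# samples into fixed windows, then aggregate each bucket.
from collections import defaultdict

AGGREGATIONS = {
    "SUM": sum,
    "AVG": lambda vals: sum(vals) / len(vals),
    "MIN": min,
}

def rollup(samples, roll_up_window=60, aggregation="AVG"):
    """samples: iterable of (epoch_seconds, value); window size in seconds."""
    buckets = defaultdict(list)
    for ts, value in samples:
        buckets[ts - ts % roll_up_window].append(value)  # window start time
    agg = AGGREGATIONS[aggregation]
    return {start: agg(vals) for start, vals in sorted(buckets.items())}

samples = [(0, 2.0), (30, 4.0), (60, 6.0)]
print(rollup(samples))                     # {0: 3.0, 60: 6.0}
print(rollup(samples, aggregation="MIN"))  # {0: 2.0, 60: 6.0}
```

With period=2 hours of one-minute samples and roll_up_window=60s, this yields the 120 rows described in the request, one aggregate per minute.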
On the Get Device Data endpoint, we'd like to be able to aggregate the data that comes back over some sort of time window. There is currently the ability to pass the period parameter to specify how far back you'd like to pull data from, but we would like two extra parameters: one to specify the type of aggregation (SUM, AVG, MIN) and another to specify the time window that the aggregation should roll up on (1 min, 60 min). So if we were to request data with a period of 2 (hours), an aggregation of AVG, and a roll_up_window of 1 (min), then we'd expect to get back 120 rows, each representing the average of the values for each minute.

##EXTERNALTICKETID## available to pass to escalations
Would it be possible to allow LogicMonitor to pass the ##EXTERNALTICKETID## from a ConnectWise integration to an email or some other escalation? In my use case, for a critical alert, LogicMonitor would create a new ticket in ConnectWise, but if the alert hasn't been acknowledged, I'd like to email an alert response team with both the LM alert ID and the CW ticket number. Additionally, it would be great if in the future I could pass that ticket number to another 3rd-party integration so we could integrate with customer ticketing systems but keep our internal reference number throughout. It seems like all the integrations may use the same ##EXTERNALTICKETID## token, so maybe we could write it to a custom alert field or custom token? Thank you, Ryan

Safeguards against accidental drag and drop in the Device Tree
The ability to drag and drop items in the device tree in order to reorganize them is a powerful feature, but the staggered manner in which the tree loads and expands on page load "encourages" a user to accidentally move folders and devices around in the tree, which leads to numerous detrimental effects (not the least of which is having to figure out where you accidentally moved them to). The request is to either introduce a safeguard prompt ("Are you sure you wish to move X from Y to Z?") for all drag and drop actions within the device tree, or, alternately, introduce a configuration item on folders and devices allowing them to be "protected" against moves: either adding an "are you sure...?" prompt for those specific items, or preventing moves entirely without first taking the action to "unprotect" them.

Ability to perform actions on alert triggers
It would be very beneficial to have a way to run a PowerShell script or batch file when an alert is fired. We monitor certain Windows processes, and occasionally those processes will fail. We would like the ability to automatically restart those processes when the alert is triggered.

Add the 'search' feature to widgets, in dashboards
Hello, Hopefully this wasn't already asked (if so, sorry, I missed it). I have thought a few times that it may be useful to have a 'search' feature whenever I'm looking at a widget such as a table that lists dozens or hundreds of devices. Search on any field of the widget, if possible. Thanks, Damien.

Ability to add instance descriptions to dashboard widgets using a dashboard token
We would like the option to include instance descriptions on dashboard widgets, especially table widgets. If the instance description were available as a dashboard token, that would make the data more meaningful to our customers, giving them a better understanding of what instance each row corresponds to. This would be especially useful for interfaces. In addition to being able to include instance descriptions in the display of table widgets, it would also be very useful if we could filter on the instance description within the table widget using a glob expression - for example, if we wanted to display all interfaces with "UPLINK" in the description. Being able to display all uplink interfaces in a widget and also display the interface description for each instance would be huge for us.

Global Delay setting and maybe flapping trigger?
Hello, We happened to run across another problem last week that might make a nice feature, and the delay is probably pretty easy to implement. Sometimes a threshold might be triggered but then clear within X minutes. While these might be useful to know about, I don't want my ticket system to get an email for them, so we tried to set an escalation delay of one hour (using a null escalation path for the 1st step, as suggested in the documentation). The problem is that unless someone goes in and acks the alert within the hour, the system is of course going to email again. Unless we write a custom API integration, we have no way to gracefully get these tickets to the ticket system without duplicates being created. So it would be SUPER nice to have a delay per priority so that we could say: do not send any alerts unless the alert has lasted for longer than X minutes. I know I can do that in the datasource per datapoint, but that's a lot of changes to go through, which is why I would love a "global" setting :) Also noting for anyone using OpsGenie (us) or PagerDuty: I'm pretty sure the delay could be set there, so really the global delay is just needed if you are using email/SMS. After writing this I realized it brings up the idea of a flapping alert. For example, if I were to set my GLOBAL delay to 2 hours on errors, I am now only going to get alerted if the error lasts that long, but maybe I still want to be alerted if it has been bouncing X number of times per X minutes; that way my global delay isn't going to ignore "flapping" that we probably should know about :)

Allow for custom number in consecutive polls
I have a request to alert on > 40 on CPU wait after 15 minutes. My polling is at the default one minute and I'd like to leave it at that, but consecutive polls is a drop-down menu that lets me select 10, then 20, which means I can only alert at 11 or 19 minutes. Can this field allow a person to set a custom number, please?

Customize the 2FA Messages to Users
When a dormant user is removed, a rather alarming message is sent to the user. This causes alarm, and users end up reporting it as an account breach. Can you please make it possible for us to customize this message, like we can for new users? This is the current message, which does seem a bit alarmist:

Hi XXXX, This is a reminder that 2 factor authentication was just disabled for your LogicMonitor account. From now on, you'll only need your username and password to sign in. If you did not make this change please contact us at support@logicmonitor.com immediately. Thanks, LogicMonitor

HaloPSA Integration
Providing customer, asset and ticket integration with HaloPSA (via API) would enhance the value of LM enormously for our organisation. I believe that the basis of the required integration already exists in the Autotask integration add-on. We can certainly facilitate comms with the HaloPSA dev team and beta test if needed.

Collector Group / Resource Group relationship
When you install a new collector on a server, you can choose to "Monitor the device on which the Collector is installed" and select the device group to which you want the Collector to belong. This does make it super easy to begin monitoring the Collector and its host, but the next choice in the Collector install process is the Collector Group assignment, and right now there is no relationship between Collector Group and device Resource Group. I would really like to be able to see my collectors in my resource tree in groups that match the names of the Collector Groups. Yes, I can manually accomplish this outcome, but I think it would be so much better if there were an option at collector install to make the group-name equivalency between Collector Group and Resource Group an automatic, dynamic occurrence. That might happen in the future via a feature request, but for right now I'm stuck trying to think of how to accomplish this on my own. It seems like a property and a variable are needed, and then dynamic group membership based on that property/variable pair, but this is where I've developed a mental block. Has anybody tried this before?

Notes field when Deleting devices
A feature that would be useful is an optional Notes field for use when deleting devices. You can look back in the Audit Logs to see who deleted a device and when it was done; however, it would be nice to include a quick note with the reason, requestor, or service request number.

De-duplication of alerts
LM supports SNMP traps, and that's great. But it would be nice if the features below were provided:

- The ability to extract the varbinds from the traps and customize the alert fields.
- Multiple traps for the same issue are currently presented as separate alerts. Separate alerts cause a lot of noise and make the alert page unusable. It would be nice if there were options to deduplicate alerts based on varbinds.
- As devices send clear traps, it would be nice to have correlation of problem and clear alerts (auto-clearing of the problem once there is a matching clear event).

I see LM is against traps, but allowing traps to be integrated via EventSources while not being able to do much with them is definitely not helpful. I would appreciate it if LM could consider this as a feature request.

Rollup all alerts for one device on the alert screen into one entry
I'd like a way to roll up all the alerts for a known-bad device being monitored (as a device could have dozens of datapoints all alerting) into one line item on the alerts screen, so that other alerts aren't lost in the sea of alerts for a known-bad device. I.e., it might take me 3-7 days to fix a bad device, and I'd still like to have alerting enabled for it so I don't forget to alert on it once it is fixed. But I have missed some alerts at the bottom of the 2nd page because the one known-bad device had so many alert points. Perhaps one of those triangle twirl UI elements that we could use to collapse them all?

Frequent WMI Calls to Windows Systems - Combine the calls
We are primarily a Windows Server datacenter, and we have noticed that when monitoring the Windows systems, there are spikes caused by the high number of unique WMI calls to each system being monitored. Using the debug command !tlist ip-address, we saw cases where more than 100 unique calls were being made to gather data. This often causes other system engineers to think that LogicMonitor is the cause of an issue, because suddenly there is a queue of processing on the CPU from so many tasks hitting the system. This became very noticeable when we added the community module to monitor running processes. That gives a count of the number of unique processes and memory used, but does not show the CPU usage of those processes. The WMI service on the system was showing excessive queueing of tasks, which was spotted when another engineer was on the live system using Task Manager. I hate it when the monitoring tool appears to be the service that is causing the issue. Could this be cleaned up with a better process for gathering this data? Even with the standard queries, if it is an 8-CPU box there are 8 WMI calls to gather the same information except for a different CPU number. The same is true for each of the disk letters: a unique WMI call for each disk that is defined.