Recent Discussions
Custom Threshold export
I'm trying to automate the export of all custom ("INSTANCE") alert thresholds from a specific LogicMonitor device group (org.org.devices) using PowerShell and the LogicMonitor REST API. I want to get a total count and optionally a breakdown per device.

I have the following script which:

- Authenticates using the LMv1 HMAC scheme
- Finds the device group by its full path
- Recursively retrieves all subgroups and devices
- Fetches datasources and instances for each device
- Counts thresholds where thresholdSource == 'INSTANCE'
- Runs in parallel across devices for performance

    param (
        [string]$AccessId,
        [string]$AccessKey,
        [string]$Company,
        [string]$GroupPath,
        [int] $MaxThreads = 10
    )

    function Invoke-LmApi {
        param(
            [string]$Method,
            [string]$ResourcePath,
            [string]$QueryParams = '',
            [string]$Body = ''
        )
        $epoch = [math]::Round((Get-Date).ToUniversalTime() - [datetime]'1970-01-01').TotalMilliseconds
        $toSign = "$Method$epoch$Body$ResourcePath"
        $hmac = New-Object System.Security.Cryptography.HMACSHA256
        $hmac.Key = [Text.Encoding]::UTF8.GetBytes($AccessKey)
        $hash = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($toSign))
        $signature = [Convert]::ToBase64String($hash)
        $auth = "LMv1 ${AccessId}:${signature}:${epoch}"
        $url = "https://$Company.logicmonitor.com/santaba/rest$ResourcePath$QueryParams"
        return Invoke-RestMethod -Uri $url -Method $Method -Headers @{ Authorization = $auth }
    }

    function Get-GroupIdByPath {
        param([string]$Path)
        $resp = Invoke-LmApi -Method GET -ResourcePath '/device/groups' -QueryParams "?filter=fullPath:$Path&size=1"
        if (-not $resp.data.items) { throw "Group '$Path' not found" }
        return $resp.data.items[0].id
    }

    function Count-CustomThresholds {
        param([string]$RootPath)
        $rootId = Get-GroupIdByPath -Path $RootPath
        $groupIds = @($rootId)
        # TODO: collect subgroups, devices and count thresholds in parallel
    }

    Count-CustomThresholds -RootPath "$Company/$GroupPath"

However, I'm having trouble getting the script to reliably find my target group and export the counts. It either reports "Group not found" or hangs/slowly processes.

Here is the current PowerShell script:

What I've tried so far:

- Switching between filtering on name: vs fullPath:
- Adjusting group path prefixes (with/without company)
- Serial vs parallel loops
- Verifying the group exists via manual API calls

Questions:

- What is the recommended way to filter by device group path (fullPath) using LogicMonitor's API?
- Are there any pitfalls in the LMv1 authentication or parallel Invoke-RestMethod calls I should avoid?
- How can I streamline this script to reliably export a summary of custom thresholds with minimal API calls?

Any guidance would be greatly appreciated. Thanks in advance!

Admine | 4 days ago | Neophyte | 134 Views | 0 likes | 2 Comments

Ubiquiti Unifi 'Source Errors
We're having some difficulties getting the Unifi 'Sources to properly complete their Active Discovery Scripts, leading to building thread counts in the collector, leading to collector service restarts... (ScriptADTasks - 7 days - Red = Failures):

I've been chasing the issues (some is the 'Source's appliesTo not properly targeting devices based on the gathered SNMP initial discovery properties) and have not quite found the smoking gun as the error I'm being given doesn't directly point to the issue.

Running AD Test from the DS "Ubiquiti_UniFi_Security_Gateways" against a UXG Pro device gives me this error: "Text must not be null or empty"

It doesn't identify which text is needed. The line numbers mentioned don't seem to relate directly to the DS AD code's line numbers.

Cole_McDonald | 5 days ago | Professor | 23 Views | 0 likes | 6 Comments

Can't install collectors on Windows core DC's
As it says on the tin. Error installing watchdog service. On separate customers' core DC's, different networks, different proxies, same error. Failed to install watchdog. Browser access to LM works and we're installing as system. Proxies do not require auth and we're installing with domain admin rights. We've had/have support tickets opened but we haven't been able to resolve this. Anybody got any ideas?

Andy_C | 12 days ago | Neophyte | 91 Views | 0 likes | 4 Comments

RestAPI Alerts access to ExternalTicketID
Has anyone figured out how to get at the ##ExternalTicketID## programmatically at all? Not having access to that is driving me to distraction. It's in the DB somewhere, but we can't get to it to help automate our workflows and toolsets. Right now, I'm troubleshooting our Connectwise Integration and have to manually relate 4637 integration log entries to tickets manually one by one. Only having this internal var being able to be exposed in the Alerts view is hobbling our ability to build and troubleshoot our integrated systems.

Solved | Cole_McDonald | 13 days ago | Professor | 254 Views | 0 likes | 21 Comments

Windows Patching Dashboard
Hi all,

We’re looking to build a comprehensive Windows patching dashboard in LogicMonitor to support compliance, vulnerability management, and visibility across our customer environments (we're an MSP). We currently monitor patching via the WinUpdate_PatchStatus DataSource, but we’d like to expand that with more widgets and deeper insights.

Host-level metrics we want:

- Pending updates count
- Failed updates count
- Last successful update time
- Reboot required (true/false)
- Recent installed or pending KBs (if possible)

Dashboard-wide summary widgets:

- Top 10 hosts with most pending updates
- Percentage of Windows servers that are fully patched
- Pie chart: compliant vs pending vs failed
- Compliance trends over time
- Breakdown by group, tag, or customer

Nice to have:

- Table view showing last 5 patches per server
- Alert integration (e.g., warning if failed updates > X)
- Multi-tenant filters using tags like env=prod or customer=x
- Reusable dashboard layout for other clients or environments

What we already have in place:

- WinUpdate_PatchStatus active
- Proper WMI permissions & Collector access
- Basic auto properties like auto.updatecount, auto.lastupdate

Looking for:

- Dashboard JSON exports with any of the above
- Custom DataSources (PowerShell-based?) to enrich with KBs
- General tips on patching visibility and compliance via LogicMonitor

Would appreciate anything you can share — we’ll happily post our version once we finalize it! Thanks in advance!

Admine
LM certified Monitoring Professional

Solved | Admine | 25 days ago | Neophyte | 176 Views | 1 like | 6 Comments

Observability & Edwin AI steps
Hi fellow LM wizards,

We want to elevate our monitoring as a big MSP. Did someone try to elevate to monitoring as code and create advanced observability? We are not aware what should be fixed or in place to follow the path to Edwin AI or advanced observability. Is there anyone who can share a roadmap with logical steps? Thank you in advance!

Admine | 2 months ago | Neophyte | 30 Views | 0 likes | 0 Comments

Alert Escalation Throttle Auditing?
Is there somewhere logging alert throttling for the escalation chains... it's currently a tedious process to unravel what would have caused (random example: ~1623 throttle alert tickets in our ticketing system). The throttle ticket doesn't contain any researchable information. The Audit Log doesn't show those events. Looking at the closed alerts didn't show the volume that would account for that quantity of throttle tickets. Does it consider throttling in a sliding time window and alert a new throttle for every new alert at the far end of the window? If so, that would negate the purpose of the throttling once it scales past the quantity set for the throttling threshold.

Cole_McDonald | 2 months ago | Professor | 95 Views | 1 like | 3 Comments

Others Having Challenges with Least Privilege (POLP)?
Hi all. Just wanted to reach out to the community to see if others are running into the same challenges deploying the LM least-privilege service accounts as we are. This is what we've identified so far:

- LM can't retrieve metrics for disks where NTFS permissions don't include read access for the service account. I've scripted a PowerShell permissions check for disks in our environment, but I feel like this isn't a scalable solution.
- LM can't retrieve metrics for HyperV clusters. The workaround would be similar to the above.
- There doesn't appear to be a scalable way to confirm monitoring works across all instances/datasources after migration. I've written a script that retrieves all monitoring data for all resources from the LM API, puts it into a SQLite database, for later before/after comparison.
- The onboarding/migration script only sets SDDL permissions on currently installed services. If a service is newly-installed, or updated, LM can no longer monitor the service. I was considering scheduling the script to run on a regular basis, but read in this forum that it can exceed the max security descriptor length because it writes duplicate permissions.

I've reached out to support on all of these issues and been told everything is 'working as expected', and that their devs 'can't anticipate every scenario'. Which is true! But none of what I described is due to an exotic configuration or niche software. Given that switching to a least-privilege model was portrayed as a 'mandate' a few months ago, I feel like remarkably little thought has gone into how this would impact customer environments, but I digress.

Has anyone encountered similar issues? What's the consensus on whether the LM least-privilege model actually makes sense in the real world?

MWW | 3 months ago | Neophyte | 396 Views | 2 likes | 7 Comments

Citrix Cloud Monitoring
Installation

1. Install the package from LM Exchange "Citrix Cloud"
2. Install Cloud Connector property source: Locator JYW9D7

Configuration

This datasource requires several properties to be set:

- CITRIX.CLOUD.CUSTOMER - This is found in the Citrix Cloud Portal: Identity and Access Management > API Access > Secure Clients. Copy the bolded customer ID on the page.
- CITRIX.CLOUD.ID - Create a secure client, you can name it "LogicMonitor". The ID here will be used for this property.
- CITRIX.CLOUD.PASS - This is the secret when you created the secure client.
- CITRIXCLOUD.OAUTH.KEY - This will be autogenerated and populated by LogicMonitor using the above credentials. There is a Citrix Cloud OAuth datasource that will generate a bearer token and save it as a property on the device.
- LM.API.ID - Create an API token in LogicMonitor with administrator privileges, copy the Access ID.
- LM.API.KEY - This is the API token access key that was created above.
- LM.API.ACCOUNT - This is your LogicMonitor account name, you can probably copy the subdomain of your LM portal. https://yourco.logicmonitor.com

1. Set the properties above (except CITRIXCLOUD.OAUTH.KEY) wherever you'd like depending on your folder structure. I like to set the LM API properties at the root and the Citrix Cloud properties per client (folder).
2. Find your cloud connector device in LM and add the category "PrimaryCC". Make sure you have the Cloud Connector property source installed as well!
3. The OAuth datasource should run, generating a token that the other datasources will use to query Citrix Cloud's API. You can also do a manual "poll now" to speed up the process. You should now see the CITRIXCLOUD.OAUTH.KEY property on the device.

If you have any issues, feel free to private message me!

1.6K Views | 38 likes | 47 Comments

SQL Query Datasource (T-SQL)
I have a T-SQL query for showing disk IO stats (from 'sys.dm_io_virtual_file_stats'). I'd like to present this table data to a widget on a dashboard. What is the best/most efficient way of doing this? This is something I've not explored before (T-SQL specifically), but have done similar with custom PowerShell/WMI/Groovy so the principle knowledge is good. Thanks

ldoodle | 3 months ago | Advisor | 213 Views | 0 likes | 2 Comments