Recent Discussions
Windows logs in LMlogs
Hi, happy new year ( i know) I am trying to add a logfile into LMlogs and hope that any reader has searched and found a method to do this without the LM OpenTelemetry Collector. In a Windows environment you dont want to install docker, kubernetes etc to just parse a logfile on a windows server. I had hoped that LM has something and currently it is possible with the eventlog datasource but that is deprecated without having an alternative. Anyone that has found a solution of has similar thoughts?
Why Do You Export Data from LogicMonitor? We’d Love Your Input
Hi LogicMonitor Community I’m reaching out from the LogicMonitor team as we’re doing some research into how customers are using the LogicMonitor API. We’re seeing significant usage of certain API endpoints, and we’d love to better understand: Why do you export data from LogicMonitor today? What kinds of data are you pulling from LogicMonitor? What tools or platforms are you sending that data to (e.g., dashboards, data warehouses, automation tools, SIEMs, CMDBs, other visualization tools etc.) and why? What would Logicmonitor need to do today for you to keep your data within our platform? The problems or workflows this API usage is helping you solve If you’re comfortable sharing, even at a high level, your insights would be incredibly helpful and will directly inform how we prioritize improvements and enhancements to the API experience. There’s no expectation to share anything sensitive or proprietary, we’re simply looking to learn from how the API is being used in the real world. Feel free to reply in-thread or message me directly if you prefer. Thanks in advance for helping us make LogicMonitor better for everyone! Best regards, Platform PM Team: Ted & Subomi LogicMonitor
Using previous data from a data point
I am trying to use the previous data from the data point Status to create a specific alert with the StatusFlap datapoint. I want to keep the StatusFlap datapoint enabled but after each time an interface comes back online after being offline, the StatusFlap alert also notifies my team. Basically, I want to find a way to only alert if the Status datapoint has an output of 1 in two consecutive polls and StatusFlap datapoint has an output of 1. I tried to modify the script but found out that LogicMonitor does not allow stateful collection scripts. Is there any way I could go about this?
How do you handle Servers that are normally Power Down?
Hi, We have some servers for DR that are generally off. We power them on for monthly patching, or if we need to copy a file or something, but other than that, they are powered off. If the server is on, we want it to be monitored like any other server. However, when it gets powered back down, we don't want to get alerts for it being down because we know it's down. These servers power down via a scheduled task at 3AM if they are on. We don't want to have them in a permanent SDT because once they get powered on, we don't want to have to go stop it and then start it again when we'd done. Same goes for manually disabling alerting and then having to re-enable it and disable it again. I see that after a devices is off for a bit it becomes DEAD, which seems to stop all alerting. Can I use that to my advantage? If I know they power down at 3AM, Could I simply put in a daily SDT from 3AM - 3:30AM to grab the Uptime and Ping alerts that happen right when it gets powered off, but then it will change to DEAD and stop alerts? Then the SDT expires and if it gets powered back on, it just works? Only thing it would do is alert because the Uptime is below the threshold, but that's minor. Just wondering how anyone else handles this if other people have something similar. Thanks.Are Auto-Balance groups supposed to balance automatically?
Hi, I have a collector that's been alerting due to low memory. It's a Large collector with 8 Gigs of RAM based on the recommendations here: https://www.logicmonitor.com/support/collector-capacity This collector is in a Auto Balance group with another that is not having any memory problems. One is running 40000+ instances and the other has only 23000+. One has 450+ resources and the other has 50. This doesn't sound like they are balanced to me. Is there something I need to do so LM will actually keep these two collectors balanced so they have approximately the same number of things they are monitoring? The Rebalance Threshold - Instance Count items is set to 30,000. Since one collector is way over that, shouldn't that trigger a rebalance to occur? What am I missing?
🚀 Introducing the ✨AI Assistant for LogicMonitor: Your New Support/Troubleshooting Companion!
Hi everyone! 👋 I am excited to share a project I've been working on to help the LogicMonitor community: ✨ AI Assistant for LogicMonitor. This is a free, AI tool built specifically to act as your expert pair-monitor. It solves the problem of searching through endless documentation by providing instant, relevant answers to your LogicMonitor questions, scripting challenges (Groovy), and architecture puzzles. 👉 Try it now: https://ai-assistant-for-logicmonitor.monitoringartist.com/ ✨ Key Features: 🧠 Expert Knowledge Base: The AI is grounded in comprehensive public support documentation combined with specialized private expert knowledge, giving you the most accurate context possible. 📚 Citations & Deep Dives: Responses don't just give you the answer; they include direct links to the official documentation so you can verify and explore further. 💡 Proactive Guidance: Not sure what to ask next? The assistant provides smart suggestions for related follow-up questions to guide your troubleshooting flow. 🔗 Direct Linking: Share specific questions or topics with your team using URL parameters (e.g., ?q=How to monitor standard metrics). 📊 Dynamic Visualizations: Supports Mermaid diagrams with full pan & zoom capabilities for visualizing architectures and flows. 💻 Developer Friendly: Syntax highlighting for code and a one-click copy button make working with datasource scripts a breeze. 🎨 Customizable: Dark/Light mode support and fully responsive design for mobile and desktop. ⚡PWA Support: You can install it directly to your device for an app-like experience. 🧩 LogicMonitor Dashboard Integration: You can even embed the AI Assistant directly into your LogicMonitor dashboards! This allows you to have your troubleshooting helper right alongside your data. Simply import this dashboard JSON into your LogicMonitor portal. This project is for YOU. Check it out and let me know what you think! I'd love to hear your feedback on how we can make this even better for the monitoring community. 🧪 Quick Scenarios for Testing Not sure where to start? Try these prompts: Generate Groovy script Get all device type IDs - private knowledge which is not documented List API limits Feel free to use the built-in feedback features (thumbs up/down), which help to tweak the AI models under the hood—so you will make it better for everyone. Sponsorship and business cooperation is also welcome. Happy Monitoring! 📈
Handling Alert Storms?
Good morning, Just wanted to put this out there to see how everyone else is handling these types of situations. Scenario: Switch goes offline. Alerts that generate: BGP Alerts x5 OSPF Neighbor Alerts x5 Interface alerts x10 Uptime alert when it comes back online Maybe a syslog event Problem: With that being said, how does your team know that all these alerts were related and should be bundled into the Switch going offline alert as the parent ticket? Maybe it's a portal issue on our end but like OSPF Neighbors when clicking on them doing even topology map to the others... Same with BGP. You can't dependent alert map instance alerts, only resources which is useless here. I could maybe configure cluster alerts when more than 1 or 2 alerts of the same type generate but it can't be specifically grouped to pick and choose which instances. Services don't really cut it as they don't suppress the individual alerts so at this point is my best bet to just document what alerts when the switch goes down and apply that to the offline alert of the switch or maybe look into better topology mapping so it's clearer?
Delayed Alerting
Hi, Not sure if this is doable or not but I have set up an alert rule to track a collection of Network Devices and set an escalation chain with a single blank first entry and a distribution group as the second escalation point with as delay of 10 minutes. The problem I am having is alerts are being sent every 10 minutes for a device being down, I altered the alert rate to 1 every hour but then it just generated a single device down alert so if multiple were down it would only tell me about 1. Support advised to alter the ping module to collect status every hour for example but that's then a big gap in-between where something could be down without knowledge. Without setting up a single alert rule per device - not sure how to achieve the above, I thought about automated sdt if an alert is generated to stop the noise but doesn't look possible. Anyone ever had a requirement for anything like this or just purely unique (odd way) I am trying to do something? Any advise or shut downs happy to hear :-) Thanks, Simon
