Recent Discussions
Historical SDT en reporting
Hi community, I'm running into a limitation with reporting on Scheduled Downtime (SDT) in LogicMonitor. Right now, i' m able to pull alerts that occurred during SDT' s but i cannot generate a single report that shows all historcal SDTs across all my resources/devices. For my use case, it's important to: Filter per resource group Include this data in regular reporting and analysis to highlight structural SDT usage My questions to the community: is there any way to generate such a historical SDT report, does someone have a script or code to share to get that trough the API Thanks in advance!Admine3 days agoNeophyte44Views3likes1CommentAPI searchId documentation?
The API V3 swagger is filled with references coming back in the RESPONSE with searchId but doesnt say what it is. AI queries say its used for pagination, claims there is no official documentation, but is able to give me examples. I was able to use them by providing my own searchId and getting it back ... for SOME endpoints but NOT ALL. But I'm wondering: Is there an official page I'm not finding that explains how to use searchId ? Does it really not work for some endpoints? I just get null back when I send it in my request to /device/devices but if I do /alert/alerts I get back the searchId I set in my query. Thanks!Lewis_Beard3 days agoProfessor9Views0likes0CommentsWhat sets auto.config.port? Official resource for where properties are set?
I have a deprecated config source or three (ahem) that I want to get rid of, but I want to test using the Common Config stuff. In particular, I have one device that for some reason doesnt have auto.config.port set. It has auto.network.listening_tcp_ports set to 22, but not auto.config.port. Therefore, it cant pick up any of the common config property sources for exec vs telnet vs etc, because all 5 of those are mutually exclusive to one another BUT all of them require auto.config.port to be set. So I'm wondering: a) where is auto.config.port set at? b) is there some official resource LM has where I can just search for a property and find the module that sets it? ThanksLewis_Beard4 days agoProfessor15Views0likes1CommentDeep Dive troubleshooting question
I'm having difficulties tracking down the source of a Service Account Lockout occuring in a fairly complex domain structure. I've found it necessary to set WMI creds at the top of the heirarchy, with sub-groups having different WMI creds, as well as individual devices with their own. On the domain controller that would be targeted with a sub-group WMI cred set, I see most 'Sources collecting correctly, but a few times a day, the SA is locking out. I find the 4740 on the DC, but can't quite track down the specific event (should be a 4625) causing the lockout. The only 4625 I'm finding show the Main group WMI creds... which are in a different domain. Seems as though some 'Sources are using the wrong WMI creds (or defaults based on the Collector's SA). The question: Is there a way to get a !TLIST showing the WMI.USER being leveraged in the debug console for each job?SolvedCole_McDonald4 days agoProfessor43Views0likes5CommentsNeed an LM Log Source to collect logs from a remote Windows file system
Basically as per, I have about 40 windows boxes I need to get some log file monitoring on. None have internet access , and I don't really want to install 40 odd collectors or OTEL agents, and they are all in different domains so UNC copying isn't really an answer either The path is C:\ProgramData\Microsoft System Center 2012\Orchestrator\RunbookServerMonitorService.exe\Logs , just to make it a bit more awkward, which stays the same . All my attempts at a groovy script to get the files just crash and burn even throwing all the AI engines at it ! This is as far as I can get. It reads the newest 20 lines of code whilst running in a !groovy debug window. That's before we get to converting it to JSON or parsing for specific event text. I gave up when we got to tripple escaping and ##WMI.USER## can't be escaped. Anybody got a LS they can share or point me to ? def remoteComputer = "machinename" def username = 'domain\user' def password = 'password' // Folder to check def folderPath = 'C:\\ProgramData\\Microsoft System Center 2012\\Orchestrator\\RunbookServerMonitorService.exe\\Logs' // PowerShell command (escaped for Groovy) def psCommand = """ \$securePass = ConvertTo-SecureString '${password}' -AsPlainText -Force \$cred = New-Object System.Management.Automation.PSCredential('${username}', \$securePass) Invoke-Command -ComputerName ${remoteComputer} -Credential \$cred -ScriptBlock { param(\$folder) if (Test-Path \$folder) { \$newest = Get-ChildItem -Path \$folder -File -ErrorAction SilentlyContinue | Sort-Object LastWriteTime -Descending | Select-Object -First 1 if (\$newest) { \$lines = Get-Content \$newest.FullName -Tail 20 Write-Output "Last 20 lines of: \$newest.Name" Write-Output \$lines } else { Write-Output "No files found in: \$folder" } } else { Write-Output "Folder does not exist: \$folder" } } -ArgumentList '${folderPath}' | Out-String """ // Run PowerShell from Groovy def command = ["powershell.exe", "-NoProfile", "-Command", psCommand] def process = command.execute() def output = new StringBuffer() def error = new StringBuffer() process.consumeProcessOutput(output, error) process.waitFor() println "Output:" println output.toString().trim() if (error) { println "Errors:" println error.toString() }Andy_C4 days agoNeophyte22Views0likes1CommentLM Uptime - Anyone know how to use it?
We were told months ago that Websites were going to be moving into the Resources section. I now see this new "LM Uptime" thing was released and it seems like this is what's replacing websites. However, I can't find any information on how to set it up, how it works, etc. Does anyone have that info?Kelemvor5 days agoProfessor91Views0likes7CommentsCan LogicMonitor use Active Directory OU information for grouping?
Hi, We have our servers organized in AD and use those OUs to group similar machines together. Can I access that information in LM in any way? I want to make a collection in LM of all the machines in a certain OU in AD but don't know if that's possible or not. Thanks.Kelemvor5 days agoProfessor11Views0likes1CommentHow to alert when we STOP receiving logs?
We recently had an issue where we needed to review logs from a router during a P1 outage, but found that LM had stopped receiving logs from the device 2 weeks ago. We need a way to have a "No Data" type of alert for logs, so that if a device stops sending us logs we can be notified and resolve the issue. Instead of finding out 2 weeks later when the logs are needed during an outage. We can't use the Log Usage datasource for this because it is based on push metrics and does not have a collection interval.SolvedMatt_Whitney6 days agoExpert40Views1like2CommentsResource Explorer Alert Filters ConfigSources?
I would like to use the Resource Explorer to display and group devices based on Alerts, specifically ConfigSource alerts. However it seems that only DataSource options appear in the list on the resource explorer page: I can filter for Datasource datapoints but none of my ConfigSources show up here. Is there some other way to do this, or is this something on the roadmap? Thanks!Lewis_Beard6 days agoProfessor47Views1like1Comment