Recent Discussions
Module Toolbox AppliesTo IDE
I have a new DS to build. I decided, for the first time, to try to build it in the module toolbox instead of the UIv3 editor.

I guess "Resource Label" is the display name of the module. That's confusing because it's not the name of the resource this will be on. I guess I can see that it's the label that the module will show up with under the resource. But it's not the label of the resource. It's the label of the module.

Technical notes - I guess this now supports markup. Which markup? hypertext transfer markup? Extensible markup? Why not markdown (or does it mean markdown when it says markup)?

My big problem is with the "IDE". Only developers would think the word "IDE" makes more sense than "wizard". Most of them are Java/Groovy developers who actually need an IDE to develop in a language as overly complicated as Java/Groovy. This thing is not an IDE but a field picker.

Functionality that used to exist is no longer there. When I'm developing a datasource, I usually limit the first runs to one device. I opened the "IDE" hoping to find a way to search for the device and limit it to that device. I could do that in the old UI really easily. I don't even know where to start with this new "IDE".

The "IDE" does not auto-complete properties. So even if I started typing out "system.display" it doesn't even suggest a complete property name. Once I get "system.displayname == " into the appliesto, it doesn't suggest display names to choose from. I know LM knows how to do this because they do it with the LM Logs query window.

Why is there a big help section in the middle of this "IDE" describing what the "true()" convenience function does? I didn't select it and I'm not using it in my appliesto.

Why is the "IDE" so big? Why can't it pop out in a drawer from the left side? I was worried that the cancel button might cancel the progress I've made on the DS so far. Speaking of the cancel button, why is there no "you'll lose the progress on your appliesto if you cancel. Are you sure you want to cancel?" warning?

Why are we still choosing the collection mechanism type (batchscript in this case) before getting to the collection setting? Why is the discovery group method selected before instances even exist? Did someone actually say, "it makes more sense to go through the effort of moving this above the discovery arguments"? Why are the results for testing active discovery still not shown in groups?

I hit save before putting in a name/resource label. It marked them as red, but didn't scroll up to them. It looked like nothing happened when I hit save.

12 Views, 1 like, 0 Comments

Is anyone monitoring a parent process and its child processes on Windows platforms?
I initially thought about doing this as a multi-instance datasource where each instance would be the name of the child process, and the description would be the name of the parent process. But sadly could not get that working. I even tried what I thought was the simpler approach of having the parent process as the instance name and just a count of child processes - still no go.

20 Views, 1 like, 0 Comments

Palo Alto application data missing from Netflow
We have been able to get Netflow data working for a Palo Alto PA-820 firewall, but we are not seeing the application data show up. Does anyone have any suggestions on next steps we could take?

Here is what has been done so far:

- Netflow profile has been configured on the Palo Alto side and assigned to the interface, including selecting the PAN-OS Field Types to get the App-ID and User-ID (https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/netflow-monitoring/configure-netflow-exports)
- nbar has been enabled on the collector:

    # enable netflow support for NBAR, IPV6 and Multicast fields
    netflow.nbar.enabled=true
    # enable netflow support for IPV6 fields
    netflow.ipv6.enabled=true

- Collector version is 34.003

We’re seeing everything we expect except the app & systems data on the Traffic tab for the device:

Any thoughts on what we might be missing? Thank you. :-)

Oracle jdbc JAR file update
LogicMonitor's collector utilizes an outdated version of the Oracle JDBC jar file. It's essential to upgrade to the most recent version available in the Maven repository to take advantage of new secure database connection types. However, users should note a significant change in behavior with the new jar: while the old version automatically closed abandoned Oracle database connections, the new version does not, potentially leading to an excessive number of open connections. This surge in open connections can overload and crash an Oracle server where connections aren’t limited by user. Therefore, clients must either ensure that customizations explicitly close database connections or adjust their server settings to impose limits on the number of concurrent open connections.

All of the newest LogicMonitor datasources properly close connections but some of the older modules did not do this. LogicMonitor has created a module to test for this problem and alert if it occurs. Oracle_Database_MonitorUser will keep track of the number of connections in use by the monitoring user and alert if the number of connections is too high. This update is scheduled for collector 35.400. Make sure this module is installed before upgrading to collector 35.400 and monitor your database connections before rolling this out to general release.

61 Views, 15 likes, 0 Comments

Cisco Meraki Environmental Sensor Monitoring
Today, new modules are available in LM Exchange to monitor Cisco Meraki MT-Series Environmental Sensors. These fully support Resource Explorer and include a new (IoT) Sensor Topology Graphic. If you are subscribed, these devices count toward the Wireless Access Points SKU.

24 Views, 11 likes, 0 Comments

How to set up Splunk with multiple IIQ SailPoint environments with Splunk
Observing the code in the Python scripts, it appears that Splunk does not support multiple environments (s), despite what the Splunk documentation on this website claims.

Version of SailPoint IIQ: 8.1p3
Version of Splunk: 8.0.9
Version of TA: 2.0.5

Upon examining the Python code known as the Splunk Plugin, which allows Splunk to read data from SailPoint, I discovered the following details: The plugin directory is Splunk/etc/apps/Splunk_TA_sailpoint, from which the plugin gets its files. The file that drew my attention was Splunk/etc/apps/Splunk_TA_sailpoint/bin/input_module_sailpoint_identityiq_auditevents.py.

6 Views, 6 likes, 0 Comments

How to set up Splunk with multiple IIQ SailPoint environments with Splunk TA configuration using: SailPoint Adaptive Response
I noticed that the Splunk documentation on this site says that this should support multiple environments (s) - looking at the code in the python scripts though it looks like it doesn't?

SailPoint IIQ version: 8.1p3
Splunk version: 8.0.9
TA version: 2.0.5

After reviewing the Splunk Plugin code (the Python code which Splunk uses to read data from SailPoint), I noticed the following bits of information:

Splunk/etc/apps/Splunk_TA_sailpoint is the plugin directory where the plugin derives its files.
Splunk/etc/apps/Splunk_TA_sailpoint/bin/input_module_sailpoint_identityiq_auditevents.py – this is the file in question that caught my attention.

10 Views, 4 likes, 0 Comments

New Modules for APC Netshelter Rack PDU Advanced 10000 Series
I’m pleased to announce that we just launched new modules for the APC Netshelter Rack PDU Advanced 10000 Series power distribution units that now include per-outlet power measurements.

Vendor Reference: https://www.apc.com/us/en/product-range/86360147-netshelter-rack-pdu-advanced/

21 Views, 12 likes, 0 Comments