Forum Discussion

Anonymous's avatar
Anonymous
5 years ago

24 June 2020 Office Hours

At LogicMonitor, we recognize that your business and infrastructures are under increased strain due to COVID-19. To assist you in monitoring your vital infrastructure, we would like to personally invite you to join us at 11am PST, Wednesday, June 24th, for another Live Training Webinar Office Hours.

Have questions about how to best use LogicMonitor? LogicMonitor experts will be live to explain best practices and answer your questions. Register now!

  • Anonymous's avatar
    Anonymous

    Here's the link to a href="https://communities.logicmonitor.com/topic/5865-10-june-2020-lm-exchange-recording-and-qa/" rel="">the LM Exchange webinar recording. Please feel free to post any questions there (or here) if you need more. We can always talk about it at the next office hours.

  • Anonymous's avatar
    Anonymous

    Here's the Q&A Transcript. I can't transcribe every single answer I answered on the video because I don't have enough resources. Please fill out the survey to help me get more resources so we can actually have the full video transcribed.

    Q1: We are having difficulties when adding new LogicModules, we add in the propertySource and dataSource but the device does not get updated with the new datasources.  I haven’t been able to find detailed documentation on this process or how best to troubleshoot, does this exist? Also, after adding the new datasources, we’ve noticed that we now have some duplicate entries.  Is there an easy way to clean this up?
    A: This question was discussed live.

    Q2: What can we do for collector setups where a datasource might generate thousands of instances maybe even up to 10k? Create a larger collector? What issue(s) are you seeing/expecting to see? We are on the largest setup, i was wondering what configuration aside from just RAM and CPU would help... especially if we want to somehow load balance or have backups if it goes down
    From another attendee: I typically find the problem is due to scripted DataSources that might generate that many instances, take too long causing the script to timeout (default is 2 min)
    From another attendee: Our o365 DataSource is one resource and has over 123,000 instances. We've had to massively modify the Collector's config.
    A: This question was discussed live.

    Q3: For Topology Mapping, is there a good way to arrange your resources where you would like them and have them stay there?
    A: This question was discussed live.

    Q4: Is there a way to track Status Code for webchecks as a datapoint, so that we can see its history on a graph/widget?
    From another attendee: I imagine you'd need to do this as a script DataSource. Depending on the authentication method, this shouldn't be too hard to do in PowerShell.
    From another attendee: That is how we are doing it right now. But as an MSP, we bill those separately, and managing it as a CI keeps it unstreamlined
    A: This question was discussed live.

    Q5: Complete LM newbie here: We have several Palo Alto firewalls. Does LogicMonitor have any recommendations on alerts/monitors to apply to PA firewalls from a security monitoring standpoint, such as number of logs per day/hour/etc. and save that historically. Something that might establish a baseline, from which one *might* get an indication of higher-than-normal activity and dig deeper.
    A: This question was discussed live.

    Q6: With each DS there are datapoints we can alert on.  If there is a datapoint, which has not been configured with a threshold nor an interval, can you still configure resource instance (not global) with a threshold?  At what interval will it alert at?
    From another attendee: You can trigger instance-level alerts for any datapoint. As far as I know, the alert is triggered after the first time the threshold is breached.
    A: This question was discussed live.

    Q7: Can you walkthrough us through the new Exchange platform? Thank you
    From another attendee: Upvote
    From another attendee: I find this new exchange confusing .. (Or I'm super dumb) lol
    A: This question was discussed live. Go here to view our recording from June 10 where we covered it: a href="https://communities.logicmonitor.com/topic/5865-10-june-2020-lm-exchange-recording-and-qa/." rel="">https://communities.logicmonitor.com/topic/5865-10-june-2020-lm-exchange-recording-and-qa/. Please feel free to reply there or here with further questions.

    Q8: [DataSourceName].pollinginterval property (which lets you override the polling interval per device) is no longer documented, is that being killed off?
    From another attendee: '+1 on the question, but I heard from support that they are looking at it again internally to try and resolve the known issues. (Apologies to LM folks if I'm disclosing something I shouldn't. I don't think it's secret.)
    From another attendee: Our primary use case to allow the customers (we are sort of a MSP) to customize their interval without needing DataSource Manage permission.
    From another attendee: @Mike - pollinginterval is a huge requirement for us - we have different customers asking for different thresholds and simply cloning a datasource isn't scalable.
    A: This question was discussed live.
    From another attendee: For the custom trigger by device question without creating another datasource, would the custom property for Pollinterval set at the device level work?
    A: Unfortunately, even if the poll interval was changed, it would only have an indirect impact on trigger interval. The trigger interval itself would still remain the same even if the poll interval would cause it to have a different time window.

    Q9: i am having a hard time monitoring linux via ssh only.  i appled the Linux_SSH category and added the ssh.user and ssh.pass.  i am unable to get it to discover
    A: This question was discussed live.

    Q10: If someone mistakenly sets the Applies To wrong, leading to 0 matches and losing all instances and losing ALL history, is there a good way to recover from that?
    From another attendee: If you mean to get the data back, I am not aware of any. AFAIK, that history is just gone. You can, of course put the "applies to" back to its previous value to start gathering data again.
    A: This question was discussed live.

    Q11: How do I re-alert after an alert is already ack’d? - ie) every 4 hours
    From another attendee: LM only re-alerts after the alert has cleared (dropped below the alert threshold.
    From another attendee: .... I'll have to ask OpsGenie- how to re-alert I guess?
    From another attendee: Coding to the API might be a solution. The API includes Alert endpoints, so in theory you should be able to scan all Alerts for conditions like "Acked for X minutes" and then take an action which would have the effect of clearing the Ack. (It would actually show up as a brand new Alert though.)
    From another attendee: hmm, ok
    From another attendee: You can use alert rules/chains to cause an alert to occur over and over. I mean notifiy over and over, not alert over and over
    From another attendee: Sounds like the use case is to make sure that something given an Ack isn't forgotten. That's something we would like as well, but we're looking at something like PagerDuty to handle the un-Ack.
    From another attendee: Again in theory an Integration with something like PagerDuty or OpsGenie could be extended to actually de-Ack in LM, using the API as mentioned. If that was done then the "brand new" Alert from LM ought to be able to be de-duplicated in the alerting platform - or linked to the original event. (That's our working theory as we go forward.)
    From another attendee: You can disable alert for that instance, and re-enable
    From another attendee: Stop and then start alerting and it will rediscover the alert.
    From another attendee: Exactly what I was thinking. The only downside IMHO to doing the Alert disable/enable is it generates a brand new Alert.
    From another attendee: I put in a feature request to have another kind of method.  I was thinking an appropriate name would be suppress.  This wouldn't affect the reports based on SDT and would be bound by time.
    From another attendee: You can un-ack an alert by disabling -> re-enabling alerting. That can also be done with the API.
    A: This question was discussed live.

    Q12: Good day, another newbie, we have our first meeting with our CSM and PS next week.  You mentioned Dynamic Thresholds coming soon while discussing Palo.  We use Palo as well and this will be very useful. Is Dynamic Thresholds universal for other gear for example load-balancers.?
    From another attendee: yes, dynamic thresholds can be used with any datasource.
    A: This question was discussed live.

    Q13: Ahoy there. Sometimes we have situation where we want to PUSH data to a collector, and have that collector just read that data via a datasource. Is there a way, like maybe an endpoint, to have the collector act as a filehost for like csv/json files so we can read data. This is is relevant for MSPs who might have customers with a single collector (thats all theyre allowed), but monitoring in multiple environments, like a single datasource device in each env
    From another attendee: You could write a script to read the file on the collector (that's easy), but CPU data (for example) but the values will not apply to the default CPU DataSource. You'd need to create a custom DS.
    From another attendee: +1 - I bet we can get Stewart to comment on the up-and-coming PUSH functionality they're adding. Wooooooooo - #sunglasses
    From another attendee: Here's the info from their blog: https://www.logicmonitor.com/blog/2019-in-review-logicmonitor-product-advancements
      Push Metrics – We will be adding the ability to push any metric from anywhere into LogicMonitor through an open REST API. This will help developers stream business-related metrics into LogicMonitor and get the benefit of correlating application and infrastructure intelligence in a unified platform.

    Q14: Powershell 7.1 will come out soon. How would we be able to tell a datasource and or a collector to use that as default (rather than windows powershell)? As there are a number of features that it has that previous ones done. And of course its many many security enhancements
    From another attendee: I would think the only way to accomplish this, would be to have your PS DataSource call pwsh.exe with the command/script as a parameter.
    From another attendee: You cannot #require PS 7...from Windows PowerShell.
    A: This question was discussed live.

    Q15: Wheres that link to the exchange training webinar?
    A: a href="https://communities.logicmonitor.com/topic/5865-10-june-2020-lm-exchange-recording-and-qa/" rel="">https://communities.logicmonitor.com/topic/5865-10-june-2020-lm-exchange-recording-and-qa/

    Q16: What would be the best method to provide the Websites check's sslDaysUntilExpiration as a widget?
    From another attendee: Overall Status is a combination of things.  Has to meet the criteria defined for the step: time, availability by x number of test points, and the glob values?
    A: This question was discussed live.

    Q17: Any ETA on documentation for API v3?
    From another attendee: There is going to be a new API v3?
    A: This question was discussed live.

    Q18: From an MSP perspective, I wonder if we could customize trigger intervals per instance level? I guess most probably not... but it sure would be useful
    A: This question was discussed live.

    Q19: Please create a FAQ and/or HOWTO web pages. In this video you answered the question: "How do you disable a (I don't remember what you called it)." Answer: you add && false() to the end of the line. My biggest complaint about LogicMonitor is I have questions and I can never find the answer to my question via your documentation. A FAQ and/or HOWTO web page would solve that problem.
    From another attendee: Quick tip: I have found Googling with the "site" specifier to be more effective in finding great existing docs (especially on the LM forums) which I couldn't find otherwise.  Example: https://www.google.com/search?q=site%3Alogicmonitor.com+"active+discovery"
    From another attendee: No offence to LM, but the searching on the LM site could be much improved...but when the Googles find it so well, I'd rather the LM folks not spend their time on site search optimization. IMHO Nothing is perfect! ?
    From another attendee: Scattered is the problem. People want to find the anwers to their questions quickly, not take hours of training and scour through scattered information.
    A: This question was answered live

    Q20: Do you have any recommendations for avoiding baseline alerts from new datasources that are imported? I find that quite often new datasources will collect many instances. If all of them violate a threshold, we get flooded with alerts and subsequent customer facing tickets. Is there a way to suppress "baseline" alerts until some history is established for the instances?
    From another attendee: Root-level SDT for a few polling intervals.    Like this. How you the rule know it's a new datasource? This is the root of my problem    live answered                                        

    Q21: The newbie is back: Earlier this week I was watching the April 1, 2020 LM office hours and they talked about dashboard tokens (in this case, their use case was specifically around the Palo Alto dashboard), but I didn't follow how to use the tokens to get my 20 some PA firewalls to be monitored by this dashboard?  (If too specific of a question, I can contact support directly) I.E. my Palo Alto Networks dashboard says "Group not found" or "instance not found" on each item
    A: Sure, go ahead and put this as a reply to that thread and we can discuss it further: a href="https://communities.logicmonitor.com/topic/5667-01-april-2020-office-hours-administrator-best-practices-recording/." rel="">https://communities.logicmonitor.com/topic/5667-01-april-2020-office-hours-administrator-best-practices-recording/.

    Q22: Please post all of the questions and anwers from this session on a web page. It's too difficult to find answers in a video.
    A: Unfortunately, we don't yet have the resources dedicated to the webinars to transcribe the entire video. You can help us get the resources though by filling out the feedback survey: https://docs.google.com/forms/d/e/1FAIpQLScPWW5DzNxe2W5ieh6PjamLYWcP5AhDbUl1E3U7ZKryEgwEoA/viewform?usp=pp_url&entry.2118543627=2020-06-24&_ga=2.142231862.566316756.1592835918-380097571.1591121906.