JSmith
Joined 6 years ago
User Profile
User Widgets
Contributions
Re: API Filtering
Hey Stuart, appreciate the quick responses! I really don't need the name filter, it was just one I seen in the API docs and was using it as a reference point. I thought the issue was just combining filters, it appears though that it was my query. Here is one that just worked: https://site.logicmonitor.com/santaba/rest/device/devices?filter=deviceType:0,disableAlerting:true To take this one step further, would the filter be different for a custom property? These examples are giving me a hard time trying to convert for my use case. Albeit, I am using v2 of the API but, I cannot find any difference in how the filtering would work. https://site.logicmonitor.com/santaba/rest/device/devices?filter=deviceType:0,customProperties.name:sn.sys_class_name,customProperties.value:cmdb_ci_hardware1View0likes0CommentsAPI Filtering
Is it possible to apply multiple filters to an API query? If so, would anyone have an example of what it would look like? Here are my current attempts: Working: https://agio.logicmonitor.com/santaba/rest/device/devices?filter=deviceType:0 Not working: https://agio.logicmonitor.com/santaba/rest/device/devices?filter=deviceType:0,name-QA* Thanks!50Views0likes4CommentsRe: SDT "groups"
A couple of thoughts that may help.... Have you tried utilizing device properties to create dynamic groups? Ex. In our MSP model we have different clients assigned to resource groups, within their resource groups we make properties for location, type, etc. Then we also set a 'level property'. This would allow us to create a dynamic group with a query likejoin(system.staticgroups,",") =~ "ClientGroup1/ClientGroup2" && hasCategory("MicrosoftDomainController") || priority.level =~ "P1" Have you also tried the mapping process and using the alert roll up? We cannot find a use case to work for us (yet) but, it seems like it may be good here.0Views0likes0CommentsTracking down LDAP Bindings
As a continuation to @Kerry DeVilbiss's datasource to track DC's that are getting unsigned LDAP bindings, we have been thinking about making a datasource that will track the incoming connections. Our thought was to take a page from this article and query our event log every X minutes and output the response of found events to the datasource. My question is a two-parter: 1) Does anyone have experience using a datasource to output large amounts of data to the wildvalue? If so, is there a character limit? We were thinking once we found the event we could narrow down the relevant data inside of a scripted method, but are worried about performance on the collector. 2) Aside from a some performance improvements on the collector, is there a benefit for adding this as a datasource rather than an eventsource? We often find the event module clunky and cumbersome. Thanks!10Views0likes1Comment