need better SDT support for website checks
At this time, you can schedule SDT for website checks from one or more (or all) locations, but you cannot specify which test is in downtime (like you could for a resource datapoint). As a result, if I want to pause SSL expiration warnings, I must also pause ALL checks against the site, which far from ideal. Please fix SDT for website checks to allow selection of all alertable criteria.25Views12likes1Comment
Token to include DataSource raw output in email and alert body
We have script DataSources that output useful diagnostics information that help Operations to understand the number valuewhen an alert is generated. We want to include the raw output from a DataSource in the alert and email body. What we need is a##DSRAWOUTPUT## token which contains the complete raw output sent to standard out from a DataSource script. For example, we monitor for processes running under credentials they are no supposed to be running under, and we want to include that info as textual information in the alert/email body.21Views3likes2Comments
Mail alerts conversations
I think it would greate if you add some headers to your mails. This will helps to mail program to create conversation for every alert and clean message for it. Now we have only separate messages: LMD... critical - Host1 Ping PingLossPercent LMD... critical - Host2 Ping PingLossPercent LMD... ***CLEARED***critical - Host2 Ping PingLossPercent LMD... ***CLEARED***critical - Host1 Ping PingLossPercent In my opinion, it will better if this message will create conversation for every alert: LMD... ***CLEARED***critical - Host1 Ping PingLossPercent LMD... critical - Host1 Ping PingLossPercent LMD... ***CLEARED***critical - Host2 Ping PingLossPercent LMD... critical - Host2 Ping PingLossPercent As I know, the header is Thread-Index https://excelesquire.wordpress.com/2014/10/17/use-excel-to-count-the-number-of-emails-in-each-email-chain/ https://stackoverflow.com/questions/5506585/how-to-code-for-grouping-email-in-conversations2Views3likes1CommentAlert Triage (i.e. Grouping & Alert Reduction)
Hi, Per discussion with Russ G. & Kenyon W. & Jake C. yesterday, I would like to submit this as a feature request to the DEV team and see whether there is any way to add this feature into future roadmap. In short, it'll be great if end user can configure multiple incident/alerts into 1 group and generate only 1 alert (with highest severity). Here is an example of Tomcat being shutdown which shows a number of alerts generated: 1. Tomcat shutdown ‘critical’ alert is generated (1 alert) 2. ActiveMQ consumer count of specific queue alert has reached zero ‘Error’ alert (about 10-12 alerts for our case) In this case end user would like to be able to configure such that LM will consolidate all alerts into one critical alert (i.e. all AMQ 'Error' alerts are cleared)? I saw something like this in PagerDuty and must say it’s a great feature to have in LogicMonitor to reduce # of alerts being processed by the TechOps team: https://www.pagerduty.com/blog/alert-triage/ Thanks & Best Regards, Horace0Views2likes3CommentsAlerts API - Size Limit
Hi Everyone, I am running into a size limit issue in my pursuit of creating a quarterly report for a customer. What I am trying to do is narrow down my filter to have any cleared alert that is a severity 4 that was closed during that quarter. My issue is two-fold. I am not sure of the syntax that would only show alerts that cleared during that quarter (I am trying to do the equivalent of ‘between’ in python IF statements)and the size limit of 1000 is limiting because I cannot get a count of cleared alerts. I couldn’t find anything regarding pagination that can be used. I have also attempted to do the F12 then network button trick, but there is nothing that stands out there or anything that I can identify. And I have tried looking at other questions and couldn’t find anything relating this. This is my query: ?size=1000&filter=severity:4,cleared:true,startEpoch>:{startEpoch}&filter=severity:4,cleared:true,endEpoch<:{endEpoch} Any guidance would be greatly appreciated.Solved353Views2likes2CommentsQuerying alerts via API
Hi I'm fairlynew to APIs and would like a little help please. I am trying to query the LM API for specific alerts with Python. I am able to retrieve a full list of alerts via Python which is a good starting point. I was using the following doc: https://www.logicmonitor.com/support/rest-api-developers-guide/v1/alerts/get-alerts What I would like some help with is thefollowing: - Is there a way to retrieve alerts only for a specific folder? We have customers under specific folders. - How would I retrieve alerts with only a specific string in the resource name? E.g. all customer devices will have devicename.domain.com I would like to filter for only alerts of devices with *domain.com* in the resource name. - How would you do multiple queries in one API call? e.g. a query with a filter, and a sort? Thank youSolved93Views1like9CommentsFilter out out reply to info in alert message
I send alerts to a chat channel and I want to remove the lines below from the alert message since it would not work in the chat channel. You may reply to this alert with these commands: - ACK (comment) - acknowledge alert -NEXT - escalate to next contact - SDT X - schedule downtime for this alert on this host for X hours. - SDT datasource X - SDT for all instances of the datasource on this host for X hours - SDT host X -SDT for entire host for X hours I tried using custom email integration the above was still included.6Views1like3Comments
Ad-hoc script running
Often when an alert pops up, I find myself running some very common troubleshooting/helpful tools to quickly gather more info. It would be nice to get that info quickly and easily without having to go to other tools when an alert occurs. For example - right now, when we get a high cpu alert the first thing I do is run pslist -s \\computername (PSTools are so awesome) and psloggedon \\computername to see who's logged in at themoment. I know it's possible to create a datasource to discover all active processes, and retrieve CPU/memory/disk metrics specific to a given process, but processes on a given server might change pretty frequently so you'd have to run active discovery frequently. It just doesn't seem like the best way and most of the time I don't care what's running on the server and only need to know "in the moment." A way to run a script via a button for a given datasource would be a really cool feature. Maybe on the datasource you could add a feature to hold a "gather additional data" or meta-datascript, the script could then be invoked manually onan alert or datasource instance. IE when an alert occurs, you can click on a button in the alert called "gather additional data" or something which would run the script and produce a small box or window with the output. The ability to run periodically (every 15 seconds or 5 minutes, etc) would also be useful. This would also give a NOC the ability to troubleshoot a bit more or provide some additional context around an alert without everyone having to know a bunch of tools or have administrative access to a server.16Views1like7Comments
Custom alert messages per Cluster
I'm coming around to love clustered alerts as more of my company moves to dynamic environments. But I really need to be able to customize the email alert messaging for clustered alerts. So I would like to see two things: 1. The ability to set a custom alert message per clustered alert 2. The ability to assign properties to clustered alerts so that they can be referenced in the alert message via ##TOKENS##.10Views1like1Comment
need better SDT support for website checks
At this time, you can schedule SDT for website checks from one or more (or all) locations, but you cannot specify which test is in downtime (like you could for a resource datapoint). As a result, if I want to pause SSL expiration warnings, I must also pause ALL checks against the site, which far from ideal. Please fix SDT for website checks to allow selection of all alertable criteria.Filter out out reply to info in alert message
I send alerts to a chat channel and I want to remove the lines below from the alert message since it would not work in the chat channel. You may reply to this alert with these commands: - ACK (comment) - acknowledge alert -NEXT - escalate to next contact - SDT X - schedule downtime for this alert on this host for X hours. - SDT datasource X - SDT for all instances of the datasource on this host for X hours - SDT host X -SDT for entire host for X hours I tried using custom email integration the above was still included.