Windows System Event Log "message" details not accurate
We are using the default Windows System Event Log event source and having those errors route through a Teams integration. When tested from the Windows System Event Log event source, the Event Logging displays the entire “message” detailing the eventID, reason, etc. etc. When looking in the Alerts section of the GUI, it also shows the entire “Message” section with details. However, when the alert shows up in Teams, it's dumbed down and useless. We get the following:
Message: error - HOSTNAME Windows System Event Log
The Teams integration is set up identically to the Event Source Alert message, as seen below. Anyone know why ##Message## is getting overwritten with useless info instead of the actual message details from the Event?
Host: ##HOST##
Eventsource: ##EVENTSOURCE##
Windows Event ID: ##EVENTCODE##
Message: ##MESSAGE##
Detected on: ##START##
73 Views, 12 likes, 7 Comments

AWS Health Event and AWS Service Health Eventsources require enhancements.
Hi Community/LM Folks, I am aware that I am not the only one who is expecting significant improvements for these two event sources: AWS Health Event and AWS Service Health.
1 - AWS Health Events - Since this event source lacks the ability to filter events, we are unable to personalize or filter event logs for a specific issue or region.
2 - AWS Service Health - I've observed that this event source does not provide as much information as what is displayed on the RSS feed page. Nevertheless, we can filter the event; however, there are not many options.
I truly believe that these two event sources deserve huge upgrades, and the majority of LM users are wishing for the same. Thank You :)
26 Views, 1 like, 0 Comments

Schedule SDT for specific events within a EventSource??
Hello everyone, We've multiple Event Sources set up (each one of them covers multiple events: different sources & event IDs). They're kinda in the same category but they cover different events (example: Backup Related Events - within those there are multiple applications, event IDs, etc...). Our question here comes if we need to filter a specific event (within one of those Event Sources) on a specific period of the day. For example, ServerA is returning some events at 2AM EST but those are related to a scheduled job that occurs daily, and one of our clients requested us to filter those events (daily from 2AM to 2:20 AM EST). Is there any way to do an SDT (but with specific criteria)? Without filtering the whole Event Source (that contains more events that shouldn't be suppressed at that time). The reason we've multiple events within an event source is to not create a lot of Event Sources (thinking of the WMI usage here). We have multiple events on the same Event Source; that way we don't do so many WMI queries. Just asking because in our old monitoring tool we were able to specify specific criteria on the suppression rule(s) & this is really important for us (since we have a lot of those requests). Appreciate the help!
39 Views, 1 like, 8 Comments

Event Source 'Liebert_Condition_Events' concern
Hello, We've noticed the out-of-the-box event source 'Liebert_Condition_Events' is triggering alarms where the actual date of the event is in the future (example below):
NOTE: Blurred the device name (in order to protect our client information)
I've already accessed the device in question & the system time is correct. Could this be an issue with the data source 'timestamp' handling? Or is there another thing that I might be missing? Thank you!
26 Views, 0 likes, 3 Comments

Windows Event Log Correlation
Hi, First post and I'm new to LM, though an old hand at monitoring and alerting, so be gentle. I've searched these forums and found a couple of 'feature requests' to be able to alert only if message X appears greater than Y times within Z minutes in the Windows Event Log rather than alerting for every occurrence of message X. None of the posts appear to have a solution... Is this still the case? Either an official solution or a workaround? Many Thanks, Mat
Solved, 49 Views, 0 likes, 3 Comments

EventSource - LogicMonitor_Audit_Logs
EventSource to trigger Warning, Error or Critical Alerts from your LogicMonitor Audit Logs, using Resource Properties as search strings to identify matching patterns in each Audit Log's username, ip and description fields:
lm.auditlogs.warn
lm.auditlogs.error
lm.auditlogs.critical
LM Locator: 763DHG
9 Views, 0 likes, 0 Comments

Generic RSS EventSource
This is a generic RSS EventSource. Set rss.url on a host with an RSS URL and it will start monitoring it. Of course, for an LM EventSource your events must include key/value pairs for "happenedOn" and "message". If your RSS feed doesn't use these keys, you can override them with the rss.event.map property. For example, if the event timestamp is labelled pubDate and the event message is labelled title you can use happenedOn:pubDate,message:title for your rss.event.map property. You can also use rss.event.map to add other attributes.
Locator: YHM79Y
Feel free to clone/rename the EventSource if you want more context in the name.
55 Views, 0 likes, 2 Comments

Use SOURCENAME for alert value for Windows Events instead of EVENTID
Currently the Value field of an alert shows the EVENTID, which is a number and not very useful. Please add an option to instead show SOURCENAME. Even better would be if we could specify our own message in the EventSource to be used instead.
4 Views, 0 likes, 1 Comment

SOLR Error Logs
W9PN3Y
I thought I had already posted this one, but regardless - here it is. This does not apply to any servers by default as it can be extremely noisy if you don't have it tuned. This makes an API call to solr to pull error and severe logs and then formats them so that LogicMonitor can understand them. Before applying this, it's not a bad idea to review those logs manually to make sure something isn't repeatedly triggering (as is common with SOLR). Still - it's helped us detect and diagnose a range of issues that would have otherwise been difficult to see.
2 Views, 0 likes, 0 Comments