Q: If I install a Collector as one size, and later re-size it, is there any difference whatsoever to what I would have had if I had added it that way at first? In other words... is the Size just a config file change, and 100% of all the other Collector components are the same no matter what is the size?
A: That’s correct- the size just allows more resources to the collector agent to monitor more instances/devices concurrently https://www.logicmonitor.com/support/collectors/collector-overview/collector-capacity
Q: Are things like Collector on-disk file metadata (checksums, dates, sizes) all the same within a certain version? For example would a Tripwire profile for a Medium Collector be usable to validate a Large other than the config files and logs? By the way I know that's a fairly advanced use-case question, so feel free to drop me an email if there's no time today or if it's too advanced for this session! No rush on that one!! It's more of a nice-to-know for when we begin automating our Collector deployments later this calendar year.
A: Follow-up expected from the product team shortly. Stay tuned.
Q: How intrusive is all the polling on the devices. - specifically on large switches.
A: Generally speaking, for a switch we’d be polling with SNMP, so very lightweight, but if you’re monitoring something like an ESX host with thousands of VM guests the batch script modules can use more resources while processing the requests. https://www.logicmonitor.com/support/about-logicmonitor/introduction/network-communication
Q: As part of our regular alert review process, we pull a report of the open and closed alerts to check the alert trend at the device and the module level. However, some of these alerts would have got tiggered when the device or the instance was placed under SDT. Is there a way we can identify and filter out such alerts in our reporting when we pull the alerts report at the end of the week/month? Basically, the intention is to focus only such alerts that we worked upon and ignore those triggered during SDT.
A: I don’t believe you can create an alert trend report that would exclude SDT alerts, but you should be able to manage this using the alert filtering options in a normal Alerts report- Under “More” select “SDT” and change the value to “No” https://imgur.com/a/x48wioX
Q: Is it possible to have a link in Logic Monitor between a "Network Switch" and "Devices" behind it? So when the "Network Switch" is down Network will receive an alert and the Server Team will received a list of devices falsely sees "down" with a reference to the "Network Switch" cause of the "Device down"
A: Depending on your LM account level you may have access to the Root Cause Analysis/Dependency feature which enables this through our topology mapping https://www.logicmonitor.com/support/enabling-root-cause-analysis