Joe Tran

  • Content Count

  • Joined

  • Last visited

  • Days Won


Community Reputation

22 Excellent

1 Follower

About Joe Tran

  • Rank
    Community All Star

Recent Profile Visitors

749 profile views
  1. Assuming you leverage and consume custom alert messaging, you can define the KB article at the datasource template level. Taking your CPU utilization example, go to your CPU datasource LogicModule, and add the URL to the custom alert messaging for the desired datapoint triggering alerts. If the KB is different for different subset of resources, then the alert messaging should be updated to reference a custom property that would be assigned to or inherited by the resource. Example ##CPU_KB_URL##, then you would assign/inherit the cpu_kb_url property to your different subsets of resources. This does mean you will have to maintain these properties in LM.
  2. It looks like someone in my org had enabled "Enhanced Monitoring" for several AWS RDS instances--a surprise, to be sure, but a welcome one . I would love Cloud Collector method that can consume this data and display it along side all other metrics we are collecting in LogicMonitor. Implementation should be relatively simple. In the discovery, presumably using describe-db-instances, we would just need a* property for the "dbiresourceid" which can be used to get-log-events.
  3. We have website-Overall trigger critical alerts and individual test locations trigger errors. I have toyed with the idea of a script that scrapes our ticketing system's API (ServiceNow) for website alerts, query the LM REST API for the alert message from the one/all error level alerts for that monitor object, and add that "context" to the ticket. We're pretty heavy in AWS so this would be all done via one or more Lambda Functions. Biggest downside--this is asynchronous.
  4. Saw this article from Ars Technica pop up in my news feed 😶
  5. I was able to recently use the v2 REST API to clone dashboards. 1. HTTP GET your "template" dashboard via /dashboard/dashboards/{id} 2. Modify the "template" to suit your need for the new clone, and deleting the following keys: id, template, userPermission, shareable, (and maybe groupName and groupFullPath, I was cloning private dashboards, so these keys don't apply to my immediate use case) 3. HTTP POST your modified "template" at /dashboard/dashboards/{id}/clone *insert disclaimer about undocumented REST API features*
  6. Assuming this is for the website-Overall instance--I'll just leave these other posts about improving and providing better context for Website (formerly Services) alerting: I am guessing the issue is one of scoping. Both website-Overall and the individual test locations are treated as separate instances. LogicMonitor doesn't have a good mechanism for instances to share data and metadata. I have contemplated creating a job/script/function that crawls our ticketing system for Website alert tickets, polls the LM API for the message from the individual test location (which we populated with the ##WEBSITERESPONSE## token), and insert that into the ticket. 🤷‍♂️
  7. ... with exceptionStatus ORA-01013: user requested cancel of current operation That is all. 😅
  8. As I am sitting here, trying to explain to one of our internal partners, for what seems like the umpteenth time, on how to read an alert threshold expression from a ##THRESHOLD## token--it would be great if there were individual message tokens for each of the thresholds. Something like ##WARNINGTHRESHOLD##, ##ERRORTHRESHOLD##, and ##CRITICALTHRESHOLD## that should render the comparison operator and that respective threshold value, example--- This way, I can be more clear as to what this string of numbers actually mean in this type of fashion
  9. Our DevOps team is developing a Grafana solution and having a LogicMonitor plug-in would be great to have!
  10. It looks like without instances, the Alert Threshold report does not list the datasource at all.
  11. So it looks like while the UI hides datasources without instances and the API will not list the datasource when querying for /device/groups/{groupId}/datasources, the API will still accept PUT/PATCH operations for that datasource id /device/groups/{groupId}/datasources/{datasourceId}/alertsettings Hopefully that persists when the datasource finds a blocking session!
  12. I have a version of the "Oracle_DB_BlockedSessions" datasource template deployed and set an alert threshold on a complex datapoint that accounts for WAIT_TIME and SECONDS_IN_WAIT. Here is the complex datapoint expression for those curious--- if( eq(if(un(WAIT_TIME),0,WAIT_TIME), 0), if(un(SECONDS_IN_WAIT_RAW),0,SECONDS_IN_WAIT_RAW), 0) If the complex datapoint has a value over 300 seconds, an alert triggers with all the enriched instance-level autoProps from the Active Discovery script. All other aspects of this template mirror the gold-standard version--including enabling the "Automatically Delete Instance" option. Enter Client X, and they are comfortable with a threshold of 900 seconds. How can I set this custom threshold at a resource group for Client X when they don't currently have any blocking sessions? If I do manage to catch and set this Alert Tuning customization when Client X has a blocking session, will this alert tuning get wiped out when the DSIs are removed automatically? I suppose the Active Discovery script could be modified to always output a dummy instance... but that leaves an unpleasant taste in my mouth. Aside from cloning the datasource just for Client X, are there any other alternatives? And no, I do not want to alert off of the "Oracle_DB_BlockedSessionOverview" template because a it doesn't do a good job of discerning between one really long blocking session versus sequential and short-lived sessions that happen to exist at the time of the poll.
  13. I don't typically use the /device/devices/{id}/properties/{name} endpoint but i would give the following a try: # Construct URL $resourcePath = "/device/devices/2332/properties/Failover.Cluster.ParentGUID" $url = $URLRoot + $resourcePath $data = ` @" { `"type`" : `"custom`" , `"name`" : `"Failover.Cluster.ParentGUID`" , `"value`" : `"$ClusterID`" } "@ $response = Send-Request ` -accesskey $accessKey ` -accessid $accessId ` -URL $url ` -data $data ` -httpVerb "PUT" The type key might not be needed. The SwaggerDoc on this endpoint is weird. It literally says that the POST method is supported but all the keys in the model are readOnly?
  14. For /device/devices the inheritedProperties objects should include a key-value pair that identifies the hostGroupId that object is inherited from Example { "status": 200, "errmsg": "OK", "data": { "total": 1, "items": [ { "name": "hostname", "inheritedProperties": [ { "name": "keyname1", "value": "value1", "inheritedFromHostGroupId": 2 } ] } ] } } I'm not super tied to the name of the proposed key 😉 Thanks!
  15. Yup, customProperties object only has directly assigned props. What you do what are the inheritedProperties for the /device/devices API endpoint-- $queryParams = '?fields=inheritedProperties,name,id&size=1000&,inheritedProperties.value:DefaultCODE'; P.S. Thanks for bringing this up. I've been trying to find where the "aws.accountid" is grouped under and lo' and behold it's an inheritedProperty!