LogicMonitor Portal Metrics

[Kerry DeVilbiss 0]

LogicMonitor Portal Metrics is a DataSource that queries the API of a specified LogicMonitor portal for overall statistics such as device, collector, and alert counts. It was originally written by fellow Sales Engineer @Jake Cohen, and updated by Monitoring Engineer @Julio Martinez (credit where credit is due!) It can be useful for tracking the activity within an account over time.

The recommended/ required method for implementing the DataSource is as follows:

1. Download the LogicMonitor Portal Metrics DataSource from the LogicMonitor Repository using locator code J7RGZY.
2. Add a new device to your account in Expert Mode - use 'logicmonitor.account' in place of IP Address/ DNS and whatever you'd like for the Display Name (LogicMonitor Portal, for example.)
3. - This device won't respond to standard DataSources, so you'll probably want to do some alert tuning once it's been added.
4. Add properties to the device to allow the DataSource to authenticate. The required properties are:

• lmaccount (LogicMonitor account name - without the logicmonitor.com at the end)
• lmaccess.id (LogicMonitor API Key Access ID)
• lmaccess.key (LogicMonitor API Key Access Key)

1. Once those properties are in place, the DataSource should automatically apply to the new device.
2. Download the LogicMonitor Portal Metrics dashboard from Github.
3. Let us know what you think!

Edited October 9, 2018 by Kerry DeVilbiss
nametags

[Tom Lasswell 21]

@Kerry DeVilbiss this is awesome. Question for y'all on this, the total alert count looks to be maxing at 800. I haven't done any troubleshooting yet to see if that's just what it's reporting, but curious if that's a limitation somewhere in the script.

[Tom Lasswell 21]

Found it it's in the call to LM, 

    int itemsPerPage = 800

 

[Mosh 124]

Cool. We do a similar thing for alert volumes in each of our regions, the types of alerts (based on data points) and the alert acknowledgements by operator.

[Joe Tran 24]

We recently received and deployed a datasource we got from @Jake Cohen that also displays the number of Cloud devices monitored by a Collector, which is important for my leadership to understand our account utilization/commit metrics. I would highly encourage "LogicMonitor Portal Metrics DataSource from the LogicMonitor Repository using locator code J7RGZY" also incorporate this datapoint. 

[Joe Williams 9]

This datasource is exactly what we are looking for, but there is one problem.

It isn't returning the proper counts for alerts.

I tried adjusting the two variables

    int maxPages = 5
    int itemsPerPage = 800

But the most I could get is 1000. Our current count is 9079 Warnings, 415 Errors and 284 Criticals, but everything gets moved to all equal 1000. Even when I adjust the two variables to a much higher rate.

[Joe Williams 9]

I can't seem to edit my post.

It appears the paging parameters aren't working, most likely the offset.

[Antony Hawkins 0]

@Joe Williams the alerts count paging works differently to other calls. I don't know why, but it does:

https://www.logicmonitor.com/support/rest-api-developers-guide/v1/alerts/get-alerts/

Quote

Note: The response 'total' will be a negative number if there are additional alerts that satisfy the request criteria that weren't included in the request, and that "at least" that number of alerts exist. For example, if you request the first 500 alerts and you have 3000 alerts in your account, the response may include total=-1000 (i.e. you have at least 1000 alerts, but you didn't ask for them all).

 

Therefore, your recursion to fetch additional alerts should run if the 'total' is a negative number.

Something a bit like this (NOT complete code):

// Enclosure to GET alerts for a Group
def GETGroupAlerts(groupWildvalue,filterString='',offsetPassed=0)
{
	/*
	... define url including size, fields, filters etc and make API call for alerts.
	Initial offset will be zero as per default passed parameter.
	Hardcode size to be 1000 as this is the maximum number of results the API will return from one call.
	*/

	/*
	... actually use the above to make the API call...
	*/

	// Parse the API response and put the results into a map, something like:
	if (code == 200)
	{
		// 200 response code (OK), meaning credentials are good. Slurp...
		def allResponse = new JsonSlurper().parseText(responseBody);
		def alertCount = allResponse.total;

		// LOOP THROUGH RESULTS:
		allResponse.items.each
		{ alert ->
			alertsMap << [
							(alert.id) : [
											severity 	: alert.severity,
											sdted		: alert.sdted,
											acked		: alert.acked,
										],
						];

		}

		if(alertCount < 0)
		{
			/*
			// DEBUG
			println 'we ought to go get some more...';
			println 'alertCount: ' + alertCount;
			println 'size: ' + size;
			println 'offset: ' + offset;
			println 'size + offset: ' + (size + offset);
			// END DEBUG
			/**/
			alertsMap << GETGroupAlerts(groupWildvalue,filterString,(size + offset));
		}
	}
	return alertsMap;
}
//----------------------------------------------------------------------------------------

Whenever you finally get a response with a positive 'total' number, you're at the end of the alerts list, the recursion will stop, and you'll have one alertsMap object with all the alerts in it, which you can then do whatever you like with.

Note the above bits of code are from a script that uses the API v2 data structure. Note also, the hacked out chunks above are nothing like a complete script.

Note graph values match Alerts tab values:

 

Edited December 6, 2018 by Antony Hawkins

[Joe Williams 9]

@AnthonyH That was it.

            if (response.data.total > 0)
            {
                break
            }

With that at the bottom instead of the original and I took out another portion it now works flawlessly.

[Kevin Ford 4]

Thank you, Kerry, for making this available!

I made a minor change to fix pulling of alert metrics, available at GJNN46.

I also included an optional, commented-out variation of the function that processes alert metrics to account for SDT, resulting in numbers similar to those shown on the Alerts tab in LogicMonitor's sidebar. Using that would also make available a new metric - 'SDTedCount' - with the number of active alerts in SDT. (You'd need to add that metric as a datapoint if you try that alternate function.)