Recent Content
CMDB Sync relation overrides
Device sync has quite a mandatory configuration option about relations between SL1 devices vs Snow CIs. We have used that a lot but now struggling with some issue we noticed this "values" section. In documentation we can see this picture: which shows that there is part "values" and it is told that they are Additional Child Class Values. Then in example we have this { "cmdb_ci_db_mssql_instance": { "relations": [ { "parent": "cmdb_ci_win_server", "rel_type": "Runs on::Runs", "reverse": true } ], "values": {"sys_class_name": "snow_ci_class", "instance_name": "name"} }, "cmdb_ci_db_mssql_database": { "relations": [ { "parent": "cmdb_ci_db_mssql_instance", "rel_type": "Contains::Contained by", "reverse": false } ], "values": {"sys_class_name": "snow_ci_class", "database": "name"} }, "cmdb_ci_db_mssql_server": { "relations": [ { "parent": "cmdb_ci_win_server", "rel_type": "Runs on::Runs", "reverse": true } ], "values": {"sys_class_name": "snow_ci_class", "instance_name": "name"} } } Not much told about those in documentation, so few questions arise: when do we need to use those? Seems to be optional anyway. what are the field names to be used here. In the example snow_ci_class seems to be coming from device attributes/field from SL1, then probably the key part is the snow field? Is that correct?
Azure SMB file share level monitoring
After discovering our Azure environment we noticed that by default the Storage account utilization is monitored and has events created. But we have 4 SMB file shares on a single storage account. We're looking to monitor the utilization of each file share individually to generate events. Right now we could potentially have a file share 100% utilized and not generate an event because the storage account utilization is not an issue. Is there a way to enable this without programming it into the existing power pack?
Some encoding issue with python3 version of snmph_from_cred_id function?
Hi, Encountered weird issue when trying to query MAC-address information with SNMP. With python2 version of this function, mac address information is returned as hex string as it should but when using python3 version, the same information is returning something other than hex string. Python3 version: Python2 version: Maybe some encoding issue with python3 version?
Question on Action Policy for Event Enrichment
Looking for some inputs on how i use Run book Variable (specifically "Device Group " , %1 ) in an Action policy of type Snippet for Event source. Basically, I am trying to do some Event Enrichment via Action Policy of type snippet i.e If alert related to particular Device under Device Group then set Alert Severity to CRITICAL. Example, if org is Azure and Device Group is sql , then set severity to CRITICAL else MAJOR. Looking for correct syntax for below if EM7_VALUE ['%O'] =='Azure' and EM7_VALUE['%1']=='sql'
Interface admin/operationally down events
OK. So I'm fairly new to modifying events in SL1, but our NOC has requested that we research suppressing the "Poller: Interface operationally down" event if "Poller: Interface Admin down" is active on a given interface. That makes perfect sense to me. If an interface is admin down, then there is absolutely no need for the operationally down event/alert. Other tools I have administered in the past had this logic baked in out of the box, but that doesn't seem to be the case with SL1. I looked at using the Autoclear option for the Admin down event to have it clear the operationally down message, but I'd much rather just not have the operationally down event trigger at all if the interface is admin down. Any thoughts on how to get this configured? Thank you.
