Adjusting events query for SolarWinds Connector
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-07-2022 06:28 PM
We are currently looking to utilize the OOB connector for SolarWinds alerting in ITOM. However, one of the hurdles that we encounter is the deluge of events coming in from our SolarWinds instances due to the lack of proper event filtering.
I checked the connector instance definition and saw that Line 174 to Line 187 gives us the SWQL query that will be executed for fetching the events. While I can modify this script to add "AND EventType=5000" on the last part of the query, I am trying to look for OOB variables so that I can insert the additional condition without modifying the original script.
Line 174 to Line 187:
getQueryForExecute : function () {
var latestTimestamp = this.probe.getParameter("last_event");
var query = "SELECT TOP " + MAX_EVENTS_TO_FETCH +
" EventID, EventTime, NetworkNode, NetObjectID, EventType, Message, Acknowledged, " +
"NetObjectType, Timestamp FROM Orion.Events " +
"WHERE NetworkNode >= 0 AND NetObjectID > 0 ";
if (latestTimestamp != null) { //differ between first collcection cycle to others
query = query + "AND EventID > " + latestTimestamp + " order by EventID asc ";
} else {
// in case it is the first collection cycle, take maxEventsCount events from the end
query = query + " order by EventID desc ";
}
I've searched for an answer in the community and documents but only this page got me closer to what I am searching for.
https://docs.servicenow.com/bundle/paris-it-operations-management/page/product/event-management/task/configure-solarwinds-metric-conectr.html
According to the document there is a Connector Instance Values related list most of which we've been actually been able to configure before. What I am trying to find is a variable that would allow me to insert an AND statement on top of the WHERE clause that the connector already generates. This way, our query looks like:
SELECT TOP 1000
EventID, EventTime, NetworkNode, NetObjectID, EventType, Message, Acknowledged, NetObjectType, Timestamp
FROM Orion.Events
WHERE NetworkNode >= 0 AND NetObjectID > 0 AND EventType=5000
- Labels:
-
Orchestration (ITOM)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-12-2022 05:43 AM
Hi,
yes the default connector fetches all the events from Solarwinds which is a pain... we had this issue as well and what we did was to utilize the API action that Solarwinds has in its alert configuration which allows you to post to ServiceNow.. but this will also need testing of all the alert types as i came across 2-3 instances which did not work even though the POST was successful... thought of sharing this if it helps in anyway..
