I used this code recently in a Splunk dashboard where i needed to have multple time ranges from one seachTemplate search. This code you can use in a searchPostProcess element to change the time range (in this case to 'yesterday')
eval ADayAgo=now()-86400 | eval yesterdayText=strftime(ADayAgo,"%Y-%m-%d") | eval yesterdayTextEnd=yesterdayText. " 23:59:59" | eval endEpoc=strptime(yesterdayTextEnd,"%Y-%m-%d %H:%M:%S") | where _time >endEpoc-86400 and _time <=endEpoc
Rick Jury's Blog
Technical blog for IT stuff like SCOM, CA infrstructure Manager, Unicenter, vbscript and stuff I'm interested in in IT.
Tuesday 28 April 2015
Monday 27 April 2015
How to fix issue pasting text with comment # into linux causes subsequent lines of text to get double commented.
From time to time I paste text into scripts and config files into vi/vim on linux and you find doing so corrupts your text because there is a comment character # and every subsequent line gets commented.
If you are color coding you also find all the text after the first comment goes the comment color (say blue on black.)
I'm not a fanatical unix guy so for a long time I worked around this and found it quite infuriating. Here is how to avoid this when it comes up.
To solve this problem do:
If you are color coding you also find all the text after the first comment goes the comment color (say blue on black.)
I'm not a fanatical unix guy so for a long time I worked around this and found it quite infuriating. Here is how to avoid this when it comes up.
To solve this problem do:
- Before entering insert mode
run
:set paste
. - After you leave insert mode with
:set nopaste
.
Thursday 3 April 2014
SCOM Script Monitor Numeric Expressions Default To String
Here's a straighforward explanation of something I found took me a long time to figure out. I found lots of posts but none that explain this straight up...(also I'm sure I knew this 5 years ago when I was doing heaps of SCOM stuff but had since forgotten!)
If you make a SCOM scripted state monitor using say a vbscript and you want to check the result of a numeric value (say an integer), by default it does a string comparison not a numeric one.
Regardless of the variant type your script produces (note variant types listed here: http://www.culham.net/2012/scom/property-bags-and-variant-types ) the authoring gui's create a STRING type compare. This is because there is no datatype field on the SCOM editing screen (unlike say CA Spectrum event configuration where every value has to be typed explicitly).
For example say I return this with my MOM.ScriptAPI AddValue("diffThresholdMinusRun",iServiceCountThreshold-good)
this results in something like:
<DataItem type="System.PropertyBagData" time="2014-04-04T12:09:26.8984174+13:00" sourceHealthServiceId="2B60ADC4-15C5-0FE3-7FF8-1"></Property><Property Name="diffThresholdMinusRun" VariantType="2">-1</Property>...
Now I create a unhealthy expression in SCOM for >0 critical and <=0 OK. Unfortunately the comparisions default to STRING so don't work properly. Any negative value is evalutated as unhealth (becuase - is > 0 in string compare) For example
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='diffThresholdMinusRun']</XPathQuery>
</ValueExpression>
<Operator>Greater</Operator>
<ValueExpression>
<Value Type="String">0</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
The only way to fix this is to edit the management pack xml (in the 'edit' screen in authoring console or in xml editor) so that it has a valid numeric type (say Integer).
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">Property[@Name='diffThresholdMinusRun']</XPathQuery>
</ValueExpression>
<Operator>Greater</Operator>
<ValueExpression>
<Value Type="Integer">0</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
If you make a SCOM scripted state monitor using say a vbscript and you want to check the result of a numeric value (say an integer), by default it does a string comparison not a numeric one.
Regardless of the variant type your script produces (note variant types listed here: http://www.culham.net/2012/scom/property-bags-and-variant-types ) the authoring gui's create a STRING type compare. This is because there is no datatype field on the SCOM editing screen (unlike say CA Spectrum event configuration where every value has to be typed explicitly).
For example say I return this with my MOM.ScriptAPI AddValue("diffThresholdMinusRun",iServiceCountThreshold-good)
this results in something like:
<DataItem type="System.PropertyBagData" time="2014-04-04T12:09:26.8984174+13:00" sourceHealthServiceId="2B60ADC4-15C5-0FE3-7FF8-1"></Property><Property Name="diffThresholdMinusRun" VariantType="2">-1</Property>...
Now I create a unhealthy expression in SCOM for >0 critical and <=0 OK. Unfortunately the comparisions default to STRING so don't work properly. Any negative value is evalutated as unhealth (becuase - is > 0 in string compare) For example
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='diffThresholdMinusRun']</XPathQuery>
</ValueExpression>
<Operator>Greater</Operator>
<ValueExpression>
<Value Type="String">0</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
The only way to fix this is to edit the management pack xml (in the 'edit' screen in authoring console or in xml editor) so that it has a valid numeric type (say Integer).
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">Property[@Name='diffThresholdMinusRun']</XPathQuery>
</ValueExpression>
<Operator>Greater</Operator>
<ValueExpression>
<Value Type="Integer">0</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
Wednesday 19 March 2014
SCOM Query to Show All Tasks Defined By Management Pack and Target Class
We've been looking at making better use of the built in tasks in SCOM recently. One of the biggest issues is that there are lots of tasks there but users don't realise they even exist because unless the select an object of the correct target class the pre-defined tasks are effectively invisible.
A common example is users select a windows computer object (which has one set of tasks) when if they selected a windows server operating system class object (in say the windows server MP view) htey will get a totally different set of possible tasks.
So I wrote this SQL query to dump out a list of all the tasks defined in your SCOM operations database (not the datawarehouse DB!).
Armed with this list you can easily find out what tasks exist and what target class you need to select to be able to execute them. Then using 'discovered inventory' you can specifically target a class of object to get the tasks you want (even if you don't know a canned view that targets objects of that type.)
SELECT dbo.TaskView.Id, dbo.TaskView.Name, dbo.TaskView.DisplayName, dbo.TaskView.Description, dbo.TaskView.Category,
dbo.ManagedType.TypeName AS TargetClassName, dbo.TaskView.Enabled, dbo.TaskView.Timeout, dbo.TaskView.TimeAdded,
dbo.ManagementPack.MPName, dbo.ManagementPack.MPFriendlyName AS MPFirendlyName
FROM dbo.TaskView LEFT OUTER JOIN
dbo.ManagementPack ON dbo.TaskView.ManagementPackId = dbo.ManagementPack.ManagementPackId LEFT OUTER JOIN
dbo.ManagedType ON dbo.TaskView.TargetMonitoringClassId = dbo.ManagedType.ManagedTypeId
ORDER BY dbo.TaskView.DisplayName
A common example is users select a windows computer object (which has one set of tasks) when if they selected a windows server operating system class object (in say the windows server MP view) htey will get a totally different set of possible tasks.
So I wrote this SQL query to dump out a list of all the tasks defined in your SCOM operations database (not the datawarehouse DB!).
Armed with this list you can easily find out what tasks exist and what target class you need to select to be able to execute them. Then using 'discovered inventory' you can specifically target a class of object to get the tasks you want (even if you don't know a canned view that targets objects of that type.)
SELECT dbo.TaskView.Id, dbo.TaskView.Name, dbo.TaskView.DisplayName, dbo.TaskView.Description, dbo.TaskView.Category,
dbo.ManagedType.TypeName AS TargetClassName, dbo.TaskView.Enabled, dbo.TaskView.Timeout, dbo.TaskView.TimeAdded,
dbo.ManagementPack.MPName, dbo.ManagementPack.MPFriendlyName AS MPFirendlyName
FROM dbo.TaskView LEFT OUTER JOIN
dbo.ManagementPack ON dbo.TaskView.ManagementPackId = dbo.ManagementPack.ManagementPackId LEFT OUTER JOIN
dbo.ManagedType ON dbo.TaskView.TargetMonitoringClassId = dbo.ManagedType.ManagedTypeId
ORDER BY dbo.TaskView.DisplayName
Thursday 13 March 2014
SCOM run as profile SSID in hex
it took me along time to find this post about how to convert a hex SSID value in a scom event to something where I could figure out what user was causing the problem.
reposting here so I can find it again next time!
http://social.technet.microsoft.com/Forums/systemcenter/en-US/0b9bd679-a712-435e-9a27-8b3041cddac8/how-to-find-the-runasaccount-from-the-ssid?forum=operationsmanagergeneral
reposting here so I can find it again next time!
http://social.technet.microsoft.com/Forums/systemcenter/en-US/0b9bd679-a712-435e-9a27-8b3041cddac8/how-to-find-the-runasaccount-from-the-ssid?forum=operationsmanagergeneral
Tuesday 14 January 2014
Spooky Number Times Table Game Released on Android Play Store
I launched my first android app this month that I created with Corona SDK. Its a educational times table game called Spooky Numbers Times Tables and can be found on the android store.
Spooky Numbers On Google Play
The game is free and a great way for kids of all ages to build their times table skills.
It also has a level editor so kids can make their own level to play in the game!
Spooky Numbers On Google Play
The game is free and a great way for kids of all ages to build their times table skills.
It also has a level editor so kids can make their own level to play in the game!
Sunday 17 November 2013
CA Spectrum Southbound Gateway - settting up a custom trap
I use SBGW quite a lot. there are two
flavours of host we use:
1) where its not modelled in spectrum we would use a
eventadmin model as you already know
2) if it already exists as a systemedge
agent you have to do some special stuff.
here is what I do say if I already have
a unix systemedge agent for that same ip the trap will come from.
a) create an
eventadmin with a dummy ip address that will never exist in your network
10.1.2.3 or whatever say we call this APPX. note down its model handle.
b)
change model handle attribute for sysedge EventModelContainerHandle to other
model handle of the APPX.
Now when you get a sbgw event it will generate vs the
EA model but the other events will still generate vs the origional systemedge
model. If that is still not happening you have to make sure you have setup your
events in a very specific way.
Here is my tried and tested method for all the
files to update and what to put in them. (note its not quite what you see in the
manual about making a package etc its a short cut way!)
Usually you need to do an alert map for traps using special numbers as per the 'template' mentioned in teh southbound gateway guide. So this means editing the alertmap file that you usually get form importing a mib.
You need
to mess about with it changing some of the trap fields around
number 1-17 varbind to map to the 'template' in the manual. These identify special values in the trap that match to name, ip etc. The rest you rename to be
>100 (that is the answer to the mystery of why some traps have like
systemedge log watcher have varbinds >100!). So I usually find a few I want to map to the template (for example what will be the event model name) and then prefix all the others with 1xx so 1 might be 101, 2 would be 102 etc.
I usually put all my new traps in
this file: /custom/Events/AlertMap (yes if you imported a mib you need to hunt
them down in custom/Alertmap and comment out the old version that don't have
SGBW template varbinds)
The parts that are traps with sbgw specific traps I would put in this file
also :
/SS/CsVendor/gen_app_gw/EventAdmin/AlertMap
then to make sure the changes
persist past upgrades copy to a custom file like this
/SS/CsVendor/gen_app_gw/EventAdmin/AM_components/MYEXAMPLE.aml
Each time you upgrade spectrum the cus script will cat all the aml files together to make /SS/CsVendor/gen_app_gw/EventAdmin/AlertMap
Here is an
example of an alertmap for SBGW for oracle enterprise manager which has a trap we wanted to use SBGW for. It has 90+ varbinds but #21 has the device name we want to use for each event model.
So after importing OEM mib you will
have them all as #1-90something not 101,102 etc.
# oraEMNGEvent
oraEMNGEventIndex
1.3.6.1.4.1.111.15.2.0.3 0xfff05100
1.3.6.1.4.1.111.15.3.1.1.1(101,0)\
# oraEMNGEventNotifType
1.3.6.1.4.1.111.15.3.1.1.2(102,0)\
... # oraEMNGEventTargetName
1.3.6.1.4.1.111.15.3.1.1.21(1,0)\
...
see this row has (1,0) not 121,0 which
means this varbind will be the NAME of all those lovely eventModels that will
get created in the EA container. all the 100+ ones are just varbinds I will use
in the event.
This also means you have to edit any event rules you made off the
mib so the 100+ etc map to what the varbinds were before. For traps like this
with 90something varbinds that can mean a lot of time in notepad ++ or excel...
so I would suggest get your SBGW template sorted first before you spend hours
making event policies or all the event varbinds will have to be edited again.
Now we update the eventdisp files.
1) EventModel eventdisp
/SS/CsVendor/gen_app_gw/EventDisp
these events in this file are your full events
just like the normal disp
eg. (once again note the 10x for varbinds)
0xfff05100
E 0 R { 11,21 } CA.EventCondition, "({v 105} == {S \"Critical\"})" , "0xfff05103
-:-","({v 105} == {S \"Warning\"})" , "0xfff05102 -:-","({v 105} == {S
\"Fatal\"})" , "0xfff05104 -:-","default" , "0xfff05105 -:-"
0xfff05102 E 0 A 2,
0xfff05102,11,21
0xfff05103 E 0 A 3, 0xfff05103,11,21 ...etc
you also need to
make sure they are on the end of an EVD file you make for you integration here:
/SS/CsVendor/gen_app_gw/EventAdmin/components/MYEXAMPLE.evd
If you don't next
time you upgrade spectrum your changes will get wiped when the cus script runs.
MAKE EXACTLY THE SAME CHANGES TO THE GENERIC EVENT DISP FILE
/custom/Events/EventDisp
*** A WARNING HERE *** DONT TRY AND EDIT THESE EVENTS
IN GUI OR THEY WILL GET MESSED UP AND MAKE FILES FURTHER DOWN TREE OF
/custom/events/ that will mess things up.
You should **only ever** have SBGW
events in /custom in /custom/Events/EventDisp
next the EventAdmin evendisp files
put pointers to your SBGW events
in these files
SS/CsVendor/gen_app_gw/EventAdmin/EventDisp
/SS/CsVendor/gen_app_gw/EventAdmin/components/MYEXAMPLEEA.evd
(this file is just
to keep it permanent past the next .cus script)
These events should just be
pointers e.g
# Oracle OEM
0xfff05100
0xfff05102
0xfff05103
*** PAY CAREFUL
ATTENTION HERE PEOPLE *** if your model is SBGW enabled as per #2 at start of this post above you also need to edit
its eventdisp file for systemedge this is:
/SS/CsVendor/Ctron_Gen_HOST/Host_systemEDGE/EventDisp
put the same pointers you
put in the file above eg.
# Oracle OEM
0xfff05100
0xfff05102
bear in mind every
time you upgrade spectrum from now on this file might get wiped by CA so you
always have to manage it carefully!! There is no evd /aml files to preserve your
upgrades on this file that I found.
now later on you can edit the pcause and eventformat files in the gui but don't add/remove any SBGW related events except by editing all the files above and reloading spectrum.
Subscribe to:
Posts (Atom)