Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > LEM console receives unmatched data events

LEM console receives unmatched data events

Updated: September 28, 2018

Overview

This article provides information on an issue where the LEM console receives unmatched data events. This is a common event mostly due to the fact that many vendors add/remove/change log message formats on their appliances or applications.

 

As a best practice, you should schedule a monthly Tool Maintenance by Alias report (24 hours date range should be sufficient) from the LEM reports console to review unmatched data events. This ensures you can keep the appliance updated with the latest connectors where required and report to SolarWinds Support if you are still getting unmatched data.

Environment

All LEM versions

Cause

Possible reasons this occurs:

  • Unmatched data events indicate that not all the logs from a particular third-party log source are normalized.
  • Unmatched data does not indicate that something is broken. The events are still inserted into the database but are not properly normalized. 
  • Unmatched data requires modification of connectors from our Dev team to normalize these logs.
  • Unmatched data occurs when a log has never been seen by the Dev team or a third-party vendor adds additional events to their product.
  • Old connectors have fewer chances of getting unmatched data.
  • New connectors often receive unmatched data.

Resolution

You have an older version of the affected LEM connector:

  • For LEM 6.2 or later (online):
    • Run the Automatic Connector from the LEM web console.
  1. On the LEM toolbar, navigate to Manage > Appliances.
  2. From the Connector Updates drop-down list, select Update now. A notification message informs you if the update is successful or not after a few minutes.
  • For LEM 6.2 or later (offline):

If your connectors are up to date and still getting unmatched data:

  1. Allow a  data sample to build for at least a couple of hours to 24 hours.
  2. After a log sample has been collected, go to your Report console, and then run the Tool Maintenance by Alias report to generate a report of all the unmatched data (see the Example below).

    Select only a few days for the time frame of the report. This allows the Dev team to get as many sample logs as needed in a single report.

  3. Click Export. 
  4. Upon receipt of the new connector, install the update and verify the previously unmatched data if it has now normalized.
  5. Click OK, and then select all pages in the Save file dialog box.
  6. Save the file.
  • The development process can take 4-6 weeks.
  • It is still possible to get additional unmatched logs even after getting an update. These are logs that were not in the first Tool Maintenance by Alias report.

 

Example:

Tool Maintenance by Alias example

 

Last modified

Tags

Classifications

Public