Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Network Performance Monitor (NPM) > NPM - Knowledgebase Articles > Syslog top talkers report

Syslog top talkers report

Created by Daniel Polaske, last modified by Kevin Twomey on Mar 26, 2018

Views: 1,039 Votes: 0 Revisions: 5


This articles provides information regarding a Syslog top talkers report which lists the source IP address by count as well as severity of all syslog data needed.


All NPM versions.


An example or a  pre-made Syslog top talkers report can be found on this Thwack post:

Syslog SQL Top Talker Queries (using SQL)

Query to see 24 hours of data by host, MessageType, and count.  
(Can modify SQL below for both Syslogs or Traps tables)

select hostname, COUNT(Msgid) as total from Syslog
where DateTime>DATEADD(day, -1, GETDATE() )
group by hostname
order by total, hostname desc



select nodeid, hostname, SysLogFacility, SysLogSeverity, COUNT(Msgid) as total from Syslog
where DateTime>DATEADD(day, -1, GETDATE() )
group by nodeid, hostname, SysLogFacility,SysLogSeverity
order by total, hostname, SysLogFacility,SysLogSeverity desc


Advanced SQL reports:

Some of the SQL codes shown in the Show SQL > SQL tab is basic and used in pulling data from the database tables, others are more complex and they stored SQL views. 
As you cannot edit SQL directly the SQL tab, you can do the following if you wish to modify the SQL code:

    1. Click File > New Report > Advanced SQL report and click OK.
    2. Report Designer opens and in it you can write your own SQL report.


Last modified