Submit a ticketCall us

AnnouncementsSystem Monitoring for Dummies

Tired of monitoring failures disrupting the system, application, and service? Learn the key monitoring concepts needed to help you create sophisticated monitoring and alerting strategies that can help you save time and money. Read the eBook.

Get your free eBook.

Home > Success Center > Network Performance Monitor (NPM) > NPM - Knowledgebase Articles > Syslog top talkers report

Syslog top talkers report

Created by Daniel Polaske, last modified by Kevin Twomey on Nov 29, 2018

Views: 1,182 Votes: 0 Revisions: 6

Updated 28th Nov 2018


This article provides information regarding a Syslog top talkers report which lists the source IP address by count as well as the severity of all syslog data needed.


All NPM versions.

Not to be used if using LM For Orion product.


An example or a  pre-made Syslog top talkers report can be found on this Thwack post:

Syslog SQL Top Talker Queries (using SQL)

Query to see 24 hours of data by the host, MessageType, and count.  
(Can modify SQL below for both Syslogs or Traps tables)

select hostname, COUNT(Msgid) as total from Syslog
where DateTime>DATEADD(day, -1, GETDATE() )
group by hostname
order by total, hostname desc

select nodeid, hostname, SysLogFacility, SysLogSeverity, COUNT(Msgid) as total from Syslog
where DateTime>DATEADD(day, -1, GETDATE() )
group by nodeid, hostname, SysLogFacility,SysLogSeverity
order by total, hostname, SysLogFacility,SysLogSeverity desc


Advanced SQL reports:

Some of the SQL codes shown in the Show SQL > SQL tab is basic and used in pulling data from the database tables, others are more complex and they stored SQL views. 
As you cannot edit SQL directly the SQL tab, you can do the following if you wish to modify the SQL code:

    1. Click File > New Report > Advanced SQL report and click OK.
    2. Report Designer opens and in it, you can write your own SQL report.


Last modified