Submit a ticketCall us
Home > Success Center > Network Performance Monitor (NPM) > Syslog top talkers report

Syslog top talkers report

Created by Daniel Polaske, last modified by Kevin Twomey on Mar 26, 2018

Views: 925 Votes: 0 Revisions: 5

Overview

This articles provides information regarding a Syslog top talkers report which lists the source IP address by count as well as severity of all syslog data needed.

Environment

All NPM versions.

Detail

An example or a  pre-made Syslog top talkers report can be found on this Thwack post:

Syslog SQL Top Talker Queries (using SQL)

Query to see 24 hours of data by host, MessageType, and count.  
(Can modify SQL below for both Syslogs or Traps tables)

select hostname, COUNT(Msgid) as total from Syslog
where DateTime>DATEADD(day, -1, GETDATE() )
group by hostname
order by total, hostname desc

 

Or


select nodeid, hostname, SysLogFacility, SysLogSeverity, COUNT(Msgid) as total from Syslog
where DateTime>DATEADD(day, -1, GETDATE() )
group by nodeid, hostname, SysLogFacility,SysLogSeverity
order by total, hostname, SysLogFacility,SysLogSeverity desc

 

Advanced SQL reports:

Some of the SQL codes shown in the Show SQL > SQL tab is basic and used in pulling data from the database tables, others are more complex and they stored SQL views. 
As you cannot edit SQL directly the SQL tab, you can do the following if you wish to modify the SQL code:

    1. Click File > New Report > Advanced SQL report and click OK.
    2. Report Designer opens and in it you can write your own SQL report.

 

Last modified

Tags

Classifications

Public