Skip to main content

SolarWinds

Supported Versions

Type

Authentication Type

Orion Server/Network Performance Monitor, Versions <=2022.4.x

Webhook

Org Bearer Token

The integration works by subscribing BigPanda to all SolarWinds alert notifications. This is accomplished by creating both a trigger and reset action within SolarWinds and attaching these actions to all alerts. When a subscribed alert is triggered a notification is sent to the BigPanda API endpoint. BigPanda then processes and correlates the alert data from SolarWinds to create and maintain up-to-date incidents in BigPanda.

Open Integration Manager

The Open Integration Manager is available for use with this integration. For more information, see the Open Integration Manager documentation.

Payload size

Alert payloads must be 6MB or smaller. Larger payloads will fail to process with BigPanda. We recommend reviewing your configurations to ensure that only actionable, useful information is being sent to BigPanda.

Key Features

  • Uses native SolarWinds Actions to forward alerts to BigPanda.

  • Extensible alert template allows you to customize the alerts to your needs.

  • Alerts configured with the provided reset action will automatically resolve in BigPanda when reset.

  • Uses the new BigPanda integration installer which:

    • Supports remote installation (must be able to communicate with the SolarWinds server).

    • Provides descriptive feedback in the event of an issue.

SolarWinds Data Model

BigPanda normalizes alert data from SolarWinds into tags. You can use tag values to filter the incident feed and to define filter conditions for Environments. The primary and secondary properties are also used during the correlation process.

Standard Tags

Tag

Description

Attributes

alert

Alert name in SolarWinds.

host

Hostname of the node the alert is related to.

Primary Property.

object

Name of the object the alert is related to.

Secondary Property.

object_type

Type of the object the alert is related to (for example, Node).

solarwinds_url

Link to the alert in SolarWinds

status

Severity of the alert from SolarWinds

acknowledged

Flag indicating if the alert was acknowledged.

acknowledged_by

Name of the person who acknowledged the alert.

Manage the Integration

The SolarWinds integration may need to be updated or upgraded.

Keep SolarWinds Updated

To ensure all your alert information is available in BigPanda it's important to assign the BigPanda integration actions whenever you create a new alert.

When creating a new Alert:

  1. On the Trigger Actions step click Assign Action(s).

  2. Select Send to BigPanda - Trigger.

  3. On the Reset Actions step click Assign Action(s).

  4. Select Send to BigPanda - Reset.

  5. On the Summary step ensure both BigPanda actions are assigned.

  6. Click Submit.

Upgrade the Integration

If you are using the old version of the BigPanda SolarWinds integration you may want to consider upgrading to the latest version.

Features and Improvements

  • No reliance on mapping enrichment, hostname is added to alert payload automatically.

  • No reliance on "external" scripts or database access / modification.

  • Send customizable and extensible payloads to BigPanda.

  • Easily install and manage the integration with the installer tool and SolarWinds console.

  • Uses SolarWinds supported method for sending alerts to BigPanda for long-term stability and reliability.

Upgrade Process

  1. Remove the old SolarWinds integration:

    1. Download the old integration's config tool from the old SolarWinds integration instructions page in BigPanda.

    2. Run the ./bigpanda-solarwinds-config list command to find your existing subscriptions.

    3. Run the ./bigpanda-solarwinds-config uninstall command to remove each subscription.

    4. Delete the old SolarWinds integration in BigPanda.

  2. In BigPanda create a new SolarWinds integration. Do not reuse the old integration.

  3. Follow the steps in Installing the Integration.

Troubleshooting

I can't connect to the SolarWinds server

Ensure the following:

  1. Your REST API URL is using https, not http.

  2. Your REST API URL has the correct port for the SolarWinds REST API (usually 17778).

  3. You have the correct username and password with admin access.

I can't get the installer to work

If for some reason the installer simply won't work you can configure the SolarWinds server by hand by following these steps:

Manually configuring the SolarWinds server

  1. Create new actions in SolarWinds:

    1. Navigate to Alerts > Manage Alerts.

    2. Select any alert and click Edit Alert (you cannot directly create a new action).

    3. Click the Trigger Actions step and then click Add Action.

    4. Select Send a GET or POST Request to a Web Server.

    5. Click Configure Action.

    6. Fill in the Action Pane with the following details:

      • Name of Action: Send to BigPanda - Trigger

      • URL: https://integrations.bigpanda.io/oim/solarwinds/alerts?access_token=<ORG_TOKEN> (replace <ORG_TOKEN> with actual bearer token)

      • Select Use HTTP/S POST

      • Body to Post: Fill in with the Alert Template - Trigger Action, replacing <INSERT_APP_KEY> with the appropriate BigPanda app key

        {
"app_key": "<INSERT_APP_KEY>",
"status": "${N=Alerting;M=Severity}",
"alert": "${N=Alerting;M=AlertMessage}",
"host": "${N=SWQL;M=SELECT TOP 1 RelatedNodeCaption FROM Orion.AlertObjects WHERE AlertObjectID = ${N=Alerting;M=AlertObjectID} }",
"object": "${N=SWQL;M=SELECT TOP 1 EntityCaption FROM Orion.AlertObjects WHERE AlertObjectID = ${N=Alerting;M=AlertObjectID} }",
"object_type": "${N=Alerting;M=ObjectType}",
"description": "${N=Alerting;M=AlertDescription}",
"solarwinds_url": "${N=Alerting;M=AlertDetailsUrl}",
"acknowledged": "${N=Alerting;M=Acknowledged}",
"acknowledged_by": "${N=Alerting;M=AcknowledgedBy}",
"timestamp": "${N=SWQL;M=SELECT GETUTCDATE() as a1 FROM Orion.Engines}",
"solarwinds_object_id": "${N=Alerting;M=AlertObjectID}"
}

      • Content Type: Replace with application/json

      • Time of Day: No additional schedule for this action needed

      • Execution Settings: Leave as-Is

    7. Click Add Action.

    8. Click the Reset Actions step and then repeat steps 4 - 7, using the Reset Action template instead of the Trigger Action template.

      {
"app_key": "<INSERT_APP_KEY>",
"status": "${N=Alerting;M=Severity}",
"alert": "${N=Alerting;M=AlertMessage}",
"host": "${N=SWQL;M=SELECT TOP 1 RelatedNodeCaption FROM Orion.AlertObjects WHERE AlertObjectID = ${N=Alerting;M=AlertObjectID} }",
"object": "${N=SWQL;M=SELECT TOP 1 EntityCaption FROM Orion.AlertObjects WHERE AlertObjectID = ${N=Alerting;M=AlertObjectID} }",
"object_type": "${N=Alerting;M=ObjectType}",
"description": "${N=Alerting;M=AlertDescription}",
"solarwinds_url": "${N=Alerting;M=AlertDetailsUrl}",
"acknowledged": "${N=Alerting;M=Acknowledged}",
"acknowledged_by": "${N=Alerting;M=AcknowledgedBy}",
"timestamp": "${N=SWQL;M=SELECT GETUTCDATE() as a1 FROM Orion.Engines}",
"solarwinds_object_id": "${N=Alerting;M=AlertObjectID}",
"reset": true
}

    9. Click Next.

    10. Click Submit on the Summary page.

  2. Assign actions to all desired alerts:

    1. From the Alert Manager view select all the alerts you wish to send to BigPanda (or click select all if everything) and then click Assign Action > Assign Trigger Action.

    2. Select the Send to BigPanda - Trigger action and click Assign.

    3. Repeat for Assign Action > Assign Reset Action using the Send to BigPanda - Reset action.

Unexpected Token in JSON Error

If BigPanda fails to process alerts from Solarwinds and shows Unexpected token in JSON error messages in the API response, it's likely there are unescaped characters causing the JSON format to be invalidated.

This is a known SolarWinds bug that sometimes affects string-type variables that include freeform text. Please contact SolarWinds support for assistance in tracking down these values and troubleshooting this issue.

As a workaround, SQL string replacement can be used. For example, instances of ${Caption} can be replaced with ${SQL: SELECT REPLACE(Caption, '\', '\\') FROM Volumes WHERE VolumeID = ${VolumeID}}. If the field that needs replacement comes from an Interfaces variable, the SQL will need to read FROM Interfaces WHERE InterfaceID = ${InterfaceID}.

For a full list of variables, refer to the Solarwinds documentation.

SolarWinds Interface Variables (Network Atlas)

SolarWinds Volume Variables (Network Atlas)

SolarWinds Volume Variables (All Alert Types)

SolarWinds Alert Variables

    Uninstall the Integration

    Deleting an integration requires that you remove the integration in both the integrated system and BigPanda. We recommend that you first uninstall the integration on the integrated system to prevent traffic from being sent and rejected by BigPanda, since the app key will not exist once you delete the integration in BigPanda.

    Caution during replacement

    When replacing an existing integration with a new tool or system, we recommend configuring the new integration first to ensure no data is lost.

    Deactivate Inbound Integration

    If you want to stop sending data to BigPanda but don’t want to delete your integration, you can temporarily deactivate it.

    To deactivate an inbound integration:

    1. In BigPanda, navigate to the Integrations tab and select the desired integration from the list. This will open integration details on the right side of the window.

    2. At the top of the integration details, click the Active/Inactive toggle next to the application name to change the status of the integration.

    In the integrations list, inactive integrations will be marked with a gray bar.

    Alert Resolution for Inactive Integrations

    Any active alerts belonging to an inactive integration must be manually resolved or they will stay in the system until the auto-resolve window is reached.

    Stop Sending Data to BigPanda

    Use the BigPanda SolarWinds Installer utility to automatically remove the BigPanda configuration from SolarWinds.

    1. Run the BigPanda SolarWinds installer tool. This must be run on either the SolarWinds server or another machine that has network access to the SolarWinds server.

    2. Fill in the details for your SolarWinds server and account.

    3. Click Uninstall and wait for the uninstallation to complete.

    4. In the event of an issue, you'll be provided a descriptive message to help troubleshoot.

    Delete the Integration in BigPanda

    Take the following steps to delete the integration from BigPanda:

    1. In BigPanda, navigate to the Integrations tab and select the desired integration from the list.

    2. In the integration details on the right of the page, click the trash icon, then confirm you want to delete the integration. The integration will be removed immediately.

    ️Automatic alert resolution for deleted integrations

    All active alerts from the integration will be resolved after deletion.

    Data removal

    This procedure does not remove any data from the integrated system.

    In this section: