Technical Tip: How to remove duplicate metric entries from database if present in CMDB -> Device -> Monitor

While monitoring any device/application in CMDB, it is often observed that duplicate monitoring entries for metrics collected using Linux/Windows Agent are present and they cannot be removed directly.

The below steps can be followed to remove duplicate metric entries.

Step 1: Take a complete snapshot of the Supervisor instance before applying any changes.

Step 2: Login to the Database and list metrics for the device, Replace <IP> with the actual IP of a device as noticed in CMDB.

psql -U phoenix phoenixdb

select to_timestamp(ph_monitor_config.last_modified_time/1000) as last_modified, ph_monitor_config.id, ph_monitor_config.data_id, ph_mon_perf_obj.id, ph_monitor_config.target, ph_mon_perf_obj.description, ph_monitor_config.last_state from ph_monitor_config inner join ph_mon_perf_obj on ph_monitor_config.data_id=ph_mon_perf_obj.id where ph_monitor_config.target='<IP>';

Step 3: Identify the metric to be deleted, Check for the timestamp which shows the older timestamp. This is the best way to identify which metric entry is old and which one is new. Note down ph_monitor_config.id from the above command as it would be used to remove duplicate entries in the next step.

Step 4: Delete an entry from the database, Replace <ID> with actual ID as noticed from previous step 3.

delete from ph_monitor_config where id='<ID>';

Step 5: Restart AppSvr, Wait for 5-10 minutes for AppSvr to be back up and running:

kill -9 $(cat /opt/glassfish/domains/domain1/config/pid)

Step 6: Verify using the below command if AppSvr is up and running after 5-10 minutes.

phLicenseTool --showDatabasePassword

Step 7: Log in to FortiSIEM GUI and verify duplicate metrics are no longer present.