I have an Item scanning for the text in a log file which returns "Up". I want a trigger that if the last 3 times it looks the value isn't "Up" to alert.
Right now I have this:
{Template_App_SWIFT:vfs.file.regexp[D:/tmp/snl_status.log,"^Subsystem Connectivity is *([A-Z][a-z]*)",,9,9,”\1”].str(Up)}=0
However this only captures the most recent value.
{Template_App_SWIFT:vfs.file.regexp[D:/tmp/snl_status.log,"^Subsystem Connectivity is *([A-Z][a-z]*)",,9,9,”\1”].str("Up",#3)}=0
Use the count() trigger function, possibly like so:
count(#3, Up, ne)
Related
Trying to setup Zabbix to show incomming login failures by syslog log files. I try to create an trigger which triggers when the last value occurs in the last 5 minutes of x amount of items.
The following expression is created:
Code:
count(/Syslog server/log[/var/log/failedlogin.log],5m,"like","last(/Syslog server/log[/var/log/failedlogin.log],#0)")>3
Also the following does not work:
Code:
count(/Syslog server/log[/var/log/failedlogin.log],5m,"like","{ITEM.LASTVALUE}")>3
I'm sure the count function works like it should be, when i fill in de variable manually the item does trigger.
But when i try to get a value out of an other items which is containing the data is seems to not work.
Could someone tell me if this is even possible? Thanks and greetings.
I basically have two tables tbl_feedback and tbl_notification that both get values inserted in them through a stored procedure whenever a person submits a feedback.
What I'm aiming for is getting a "shortened" version of a message column inserted into tbl_notification (say 60 characters max) so a notification only shows a preview of the actual message.
Is this possible using a MySQL function or do I have to resort to handling it via PHP (shortening an output string before echoing it)
The LEFT function was what I was looking for. Thanks, Paul.
I wish that google pointed me straight to this function.
w3resource on LEFT function
We need to monitor a database table for response time of an action within our system. If the response time is above a threshold, we need to send an alert with details of the action: action_type, action_name, and others.
Is this possible with Zabbix?
I tried creating a Database monitor item with the following sql:
select action_type, action_name, window_title, response_time from db.table order by action_timestamp desc limit 1;
I was hoping that Zabbix would be able to store and display all the fields in the select, but it just gets the first value (for action_type) and not all the fields.
Is there a way to do it with Zabbix? It's pretty much a must for us so if we can't do it we'd have to go with a different monitoring tool.
EDIT: here's the notification syntax from an Action that is created hoping to use multiple values - from multiple items - in a notification sent following a trigger. My question here is, is this the correct syntax? Is my attempt at using multiple items in Item values: below going to work?
Trigger: {TRIGGER.NAME}
Trigger status: {TRIGGER.STATUS}
Trigger severity: {TRIGGER.SEVERITY}
Trigger URL: {TRIGGER.URL}
Item values:
1. Action name: {"Item ##5 Name"} ("Zabbix_server"}:{ITEM.KEY1}): {ITEM.VALUE1}
2. Window type: {"Item ##2 Name"} ("Zabbix_server"}:{ITEM.KEY2}): {ITEM.VALUE2}
Original event ID: {EVENT.ID}
If a query returns more than one column, only the first column is
read.
Reference: https://www.zabbix.com/documentation/2.4/manual/config/items/itemtypes/odbc_checks
=> You can't process more than one value per item out of the box, because Zabbix design. You can still create one item/query per field.
You can use some workarounds (zabbix UserParameter return 2 or more values), but you will hit another limitations.
I'm using Gerrit REST API to query all changes whose status is "merged". My query is
https://android-review.googlesource.com/changes/?q=status:merged&n=2
where "n=2" limits the size of query results to 2. So I got a JSON object like:
Of course there are more results. According to the REST document:
If the n query parameter is supplied and additional changes exist that match the query beyond the end, the last change object has a _more_changes: true JSON field set. Callers can resume a query with the N query parameter, supplying the last change’s _sortkey field as the value.
So I add the query parameter N with the _sortkey of the last change 100309. The new query is:
https://android-review.googlesource.com/changes/?q=status:merged&n=2&N=002e4203000187d5
With this new query, I was hoping that I'll get another 2 new query results, since I provided the _sortkey as a cursor of my previous search results.
However, it's really weird that this new query returns exactly the same results as the previous query, instead of the next 2 results as I expected. It seems like providing "N=002e4203000187d5" has no effect at all.
Does anybody know why using _sortkey to resume my query doesn't work?
I chatted with one of the developers at Google, and he confirmed that _sortkey has been removed from the newer versions of Gerrit they are running at android-review and gerrit-review. The N= parameter is no longer valid. The documentation will be updated to reflect this.
The alternative is to use &S=x to skip x results, which I tested and works well.
sortkey is deprecated in Gerrit v2.9 -
see the (Gerrit) ReleaseNotes-2.9.txt, under REST API - Changes:
[[sortkey-deprecation]]
Results returned by the [query changes] endpoint are now paginated using offsets instead of sortkeys.
The sortkey and sortkey_prev parameters on the endpoint are deprecated.
The results are now paginated using the --limit (-n) option to limit the number of results, and the -S option to set the start point.
Queries with sortkeys are still supported against old index versions, to enable online reindexing while clients have an older JS version.
See also here -
PSA: Removing the "sortkey" field from the gerrit-on-borg query interface:
...
Our solution is to kill the sortkey field and its related search operators (sortkey_before, sortkey_after, and resume_sortkey).
There are two ways you can achieve similar functionality.
Add "&S=" to your query to skip a fixed number of results.
(Note that this redoes the search so new results may have jumped ahead and
you might process the same change twice.
This is true of the resume_sortkey implementation as well,
so your code should already be able to handle this.)
Use the before/after operators.
Instead of taking the sortkey field from the last returned change and
using it in a resume_sortkey operator, you take the updated field from
the last returned change and use it in a before operator.
(This has slightly different semantics than the sortkey field, which
uses the change number as a tiebreaker when changes have similar updated times.)
...
I have an item of type float, but sometimes a string is received in case of error instead of a number. How can I make a trigger regexp to fire in this case?
I have no idea now to check for "wrong data type".
Actually this is by design and what I'm trying to do is this: if the data gathering fails, I send an error message in order to see it on zabbix end.
I tried with nodata(0), but this doesn't seem to work.
In you case zabbix will not store the "wrong" value for the item. And if you don't care what the string is then you can just setup a trigger for "nodata" for the period of your interval. Look in the triggers manual and search for the "nodata".
Edit: scratch that, didn't read the whole question ....
Edit2: if you are certain that this is not working by design and not because your trigger interval misses the data interval, then you can try to catch the unsupported status. There is an open request for the functionality, but you can setup a side script similar to this. Or you can wrap the monitored item on the node into a UserParameter script that reads the value and prints -1 or something if it is not a number. Then proceed with a normal numeric trigger.