Documentation

You are viewing documentation for the development version, it may be incomplete.
Join our translation project and help translate Zabbix documentation into your native language.
1 Manual structure
2 What is Zabbix
3 Zabbix features
4 Zabbix overview
5 What's new in Zabbix 7.0.0
2 Definitions
1 High availability
2 Agent
3 Agent 2
4 Proxy
1 Setup from sources
2 Setup from RHEL packages
3 Setup from Debian/Ubuntu packages
6 Sender
7 Get
8 JS
9 Web service
1 Getting Zabbix
1 PostgreSQL plugin dependencies
2 MongoDB plugin dependencies
1 MySQL/MariaDB
2 PostgreSQL/TimescaleDB
3 Oracle
2 Cryptography
3 Web server
1 Building Zabbix agent on Windows
2 Building Zabbix agent 2 on Windows
3 Building Zabbix agent on macOS
1 Red Hat Enterprise Linux and derivatives
2 Debian/Ubuntu/Raspbian
3 SUSE Linux Enterprise Server
4 Windows agent installation from MSI
5 Mac OS agent installation from PKG
6 Unstable releases
6 Installation from containers
7 Web interface installation
1 Upgrade from sources
1 Red Hat Enterprise Linux
2 Debian/Ubuntu
3 Upgrade from containers
1 Compilation issues
10 Template changes
11 Upgrade notes for 7.0.0
1 Login and configuring user
2 New host
3 New item
4 New trigger
5 Receiving problem notification
6 New template
6 Zabbix appliance
1 Configuring a host
2 Inventory
3 Mass update
1 Item key format
2 Custom intervals
1 Preprocessing testing
2 Preprocessing details
3 Preprocessing examples
1 Escaping special characters from LLD macro values in JSONPath
1 Additional JavaScript objects
6 CSV to JSON preprocessing
1 Zabbix agent 2
2 Windows Zabbix agent
1 Dynamic indexes
2 Special OIDs
3 MIB files
3 SNMP traps
4 IPMI checks
1 VMware monitoring item keys
6 Log file monitoring
1 Aggregate calculations
8 Internal checks
9 SSH checks
10 Telnet checks
11 External checks
12 Trapper items
13 JMX monitoring
14 ODBC monitoring
15 Dependent items
16 HTTP agent
17 Prometheus checks
18 Script items
4 History and trends
1 Extending Zabbix agents
6 Windows performance counters
7 Mass update
8 Value mapping
9 Queue
10 Value cache
11 Execute now
12 Restricting agent checks
1 Configuring a trigger
2 Trigger expression
3 Trigger dependencies
4 Trigger severity
5 Customizing trigger severities
6 Mass update
7 Predictive trigger functions
1 Trigger event generation
2 Other event sources
3 Manual closing of problems
1 Trigger-based event correlation
2 Global event correlation
6 Tagging
1 Simple graphs
2 Custom graphs
3 Ad-hoc graphs
4 Aggregation in graphs
1 Configuring a network map
2 Host group elements
3 Link indicators
3 Dashboards
1 Configuring a template
2 Linking/unlinking
3 Nesting
4 Mass update
1 Zabbix agent template operation
2 Zabbix agent 2 template operation
3 HTTP template operation
4 IPMI template operation
5 JMX template operation
6 ODBC template operation
7 Standardized templates for network devices
1 Email
2 SMS
3 Custom alert scripts
1 Webhook script examples
1 Conditions
1 Sending message
2 Remote commands
3 Additional operations
4 Using macros in messages
3 Recovery operations
4 Update operations
5 Escalations
3 Receiving notification on unsupported items
1 Macro functions
2 User macros
3 User macros with context
4 Secret user macros
5 Low-level discovery macros
6 Expression macros
1 Configuring a user
2 Permissions
3 User groups
1 CyberArk configuration
2 HashiCorp configuration
14 Scheduled reports
1 Export to files
2 Streaming to external systems
1 Service tree
2 SLA
3 Setup example
1 Web monitoring items
2 Real-life scenario
1 VMware monitoring item keys
2 Virtual machine discovery key fields
3 JSON examples for VMware items
4 VMware monitoring setup example
11 Maintenance
12 Regular expressions
1 Problem suppression
1 Template groups
2 Host groups
3 Templates
4 Hosts
5 Network maps
6 Media types
1 Configuring a network discovery rule
2 Active agent autoregistration
1 Item prototypes
2 Trigger prototypes
3 Graph prototypes
4 Host prototypes
5 Notes on low-level discovery
1 Discovery of mounted filesystems
2 Discovery of network interfaces
3 Discovery of CPUs and CPU cores
4 Discovery of SNMP OIDs
5 Discovery of SNMP OIDs (legacy)
6 Discovery of JMX objects
7 Discovery of IPMI sensors
8 Discovery of systemd services
9 Discovery of Windows services
10 Discovery of Windows performance counter instances
11 Discovery using WMI queries
12 Discovery using ODBC SQL queries
13 Discovery using Prometheus data
14 Discovery of block devices
15 Discovery of host interfaces in Zabbix
7 Custom LLD rules
1 Synchronization of monitoring configuration
1 Using certificates
2 Using pre-shared keys
1 Connection type or permission problems
2 Certificate problems
3 PSK problems
1 Event menu
2 Host menu
3 Item menu
1 Action log
2 Clock
3 Data overview
4 Discovery status
5 Favorite graphs
6 Favorite maps
7 Gauge
8 Geomap
9 Graph
10 Graph (classic)
11 Graph prototype
12 Honeycomb
13 Host availability
14 Item value
15 Map
16 Map navigation tree
17 Pie chart
18 Plain text
19 Problem hosts
20 Problems
21 Problems by severity
22 SLA report
23 System information
24 Top hosts
25 Top triggers
26 Trigger overview
27 URL
28 Web monitoring
1 Cause and symptom problems
1 Graphs
2 Host dashboards
3 Web scenarios
3 Latest data
4 Maps
5 Discovery
1 Services
2 SLA
3 SLA report
1 Overview
2 Hosts
1 System information
2 Scheduled reports
3 Availability report
4 Top 100 triggers
5 Audit log
6 Action log
7 Notifications
1 Template groups
2 Host groups
1 Items
2 Triggers
3 Graphs
1 Item prototypes
2 Trigger prototypes
3 Graph prototypes
4 Host prototypes
5 Web scenarios
1 Items
2 Triggers
3 Graphs
1 Item prototypes
2 Trigger prototypes
3 Graph prototypes
4 Host prototypes
5 Web scenarios
5 Maintenance
6 Event correlation
7 Discovery
1 Actions
2 Media types
3 Scripts
1 User groups
2 User roles
3 Users
4 API tokens
1 HTTP
2 LDAP
3 SAML
4 MFA
1 General
2 Audit log
3 Housekeeping
4 Proxies
5 Macros
6 Queue
1 Global notifications
2 Sound in browsers
4 Global search
5 Frontend maintenance mode
6 Page parameters
7 Definitions
8 Creating your own theme
9 Debug mode
10 Cookies used by Zabbix
11 Time zones
12 Resetting password
13 Time period selector
Action object
action.create
action.delete
action.get
action.update
Alert object
alert.get
apiinfo.version
Audit log object
auditlog.get
Authentication object
authentication.get
authentication.update
Autoregistration object
autoregistration.get
autoregistration.update
configuration.export
configuration.import
configuration.importcompare
Connector object
connector.create
connector.delete
connector.get
connector.update
Correlation object
correlation.create
correlation.delete
correlation.get
correlation.update
Dashboard object
dashboard.create
dashboard.delete
dashboard.get
dashboard.update
1 Action log
2 Clock
3 Data overview
4 Discovery status
5 Favorite graphs
6 Favorite maps
7 Gauge
8 Geomap
9 Graph
10 Graph (classic)
11 Graph prototype
12 Honeycomb
13 Host availability
14 Item value
15 Map
16 Map navigation tree
17 Pie chart
18 Plain text
19 Problem hosts
20 Problems
21 Problems by severity
22 SLA report
23 System information
24 Top hosts
25 Top triggers
26 Trigger overview
27 URL
28 Web monitoring
Discovered host object
dhost.get
Discovered service object
dservice.get
Discovery check object
dcheck.get
Discovery rule object
drule.create
drule.delete
drule.get
drule.update
Event object
event.acknowledge
event.get
Graph object
graph.create
graph.delete
graph.get
graph.update
Graph item object
graphitem.get
Graph prototype object
graphprototype.create
graphprototype.delete
graphprototype.get
graphprototype.update
High availability node object
hanode.get
History object
history.clear
history.get
history.push
Host object
host.create
host.delete
host.get
host.massadd
host.massremove
host.massupdate
host.update
Host group object
hostgroup.create
hostgroup.delete
hostgroup.get
hostgroup.massadd
hostgroup.massremove
hostgroup.massupdate
hostgroup.propagate
hostgroup.update
Host interface object
hostinterface.create
hostinterface.delete
hostinterface.get
hostinterface.massadd
hostinterface.massremove
hostinterface.replacehostinterfaces
hostinterface.update
Host prototype object
hostprototype.create
hostprototype.delete
hostprototype.get
hostprototype.update
Housekeeping object
housekeeping.get
housekeeping.update
Icon map object
iconmap.create
iconmap.delete
iconmap.get
iconmap.update
Image object
image.create
image.delete
image.get
image.update
Item object
item.create
item.delete
item.get
item.update
Item prototype object
itemprototype.create
itemprototype.delete
itemprototype.get
itemprototype.update
LLD rule object
discoveryrule.copy
discoveryrule.create
discoveryrule.delete
discoveryrule.get
discoveryrule.update
Maintenance object
maintenance.create
maintenance.delete
maintenance.get
maintenance.update
Map object
map.create
map.delete
map.get
map.update
Media type object
mediatype.create
mediatype.delete
mediatype.get
mediatype.update
MFA object
mfa.create
mfa.delete
mfa.get
mfa.update
Module object
module.create
module.delete
module.get
module.update
Problem object
problem.get
Proxy object
proxy.create
proxy.delete
proxy.get
proxy.update
Regular expression object
regexp.create
regexp.delete
regexp.get
regexp.update
Report object
report.create
report.delete
report.get
report.update
Role object
role.create
role.delete
role.get
role.update
Script object
script.create
script.delete
script.execute
script.get
script.getscriptsbyevents
script.getscriptsbyhosts
script.update
Service object
service.create
service.delete
service.get
service.update
Settings object
settings.get
settings.update
SLA object
sla.create
sla.delete
sla.get
sla.getsli
sla.update
Task object
task.create
task.get
Template object
template.create
template.delete
template.get
template.massadd
template.massremove
template.massupdate
template.update
Template dashboard object
templatedashboard.create
templatedashboard.delete
templatedashboard.get
templatedashboard.update
Template group object
templategroup.create
templategroup.delete
templategroup.get
templategroup.massadd
templategroup.massremove
templategroup.massupdate
templategroup.propagate
templategroup.update
Token object
token.create
token.delete
token.generate
token.get
token.update
Trend object
trend.get
Trigger object
trigger.create
trigger.delete
trigger.get
trigger.update
Trigger prototype object
triggerprototype.create
triggerprototype.delete
triggerprototype.get
triggerprototype.update
User object
user.checkAuthentication
user.create
user.delete
user.get
user.login
user.logout
user.provision
user.unblock
user.update
User directory object
userdirectory.create
userdirectory.delete
userdirectory.get
userdirectory.test
userdirectory.update
User group object
usergroup.create
usergroup.delete
usergroup.get
usergroup.update
User macro object
usermacro.create
usermacro.createglobal
usermacro.delete
usermacro.deleteglobal
usermacro.get
usermacro.update
usermacro.updateglobal
Value map object
valuemap.create
valuemap.delete
valuemap.get
valuemap.update
Web scenario object
httptest.create
httptest.delete
httptest.get
httptest.update
Appendix 1. Reference commentary
Appendix 2. Changes from 6.4 to 7.0
1 Loadable modules
1 Building loadable plugins
3 Frontend modules
1 Frequently asked questions / Troubleshooting
1 Database creation
2 Repairing Zabbix database character set and collation
3 Database upgrade to primary keys and double precision data types
4 Preparing auditlog table for partitioning
1 MySQL encryption configuration
2 PostgreSQL encryption configuration
6 TimescaleDB setup
7 Elasticsearch setup
8 Distribution-specific notes on setting up Nginx for Zabbix
9 Running agent as root
10 Zabbix agent on Microsoft Windows
11 SAML setup with Microsoft Azure AD
12 SAML setup with Okta
13 SAML setup with OneLogin
14 Oracle database setup
15 Setting up scheduled reports
16 Additional frontend languages
1 Zabbix server
2 Zabbix proxy
3 Zabbix agent (UNIX)
4 Zabbix agent 2 (UNIX)
5 Zabbix agent (Windows)
6 Zabbix agent 2 (Windows)
1 Ceph plugin
2 Docker plugin
3 Memcached plugin
4 Modbus plugin
5 MongoDB plugin
6 MQTT plugin
7 MSSQL plugin
8 MySQL plugin
9 Oracle plugin
10 PostgreSQL plugin
11 Redis plugin
12 Smart plugin
8 Zabbix Java gateway
9 Zabbix web service
10 Inclusion
1 Server-proxy data exchange protocol
2 Zabbix agent protocol
3 Zabbix agent 2 protocol
4 Zabbix agent 2 plugin protocol
5 Zabbix sender protocol
6 Header
7 Newline-delimited JSON export protocol
1 vm.memory.size parameters
2 Passive and active agent checks
3 Minimum permission level for Windows agent items
4 Encoding of returned values
5 Large file support
6 Sensor
7 Notes on memtype parameter in proc.mem items
8 Notes on selecting processes in proc.mem and proc.num items
9 Implementation details of net.tcp.service and net.udp.service checks
10 proc.get parameters
11 Unreachable/unavailable host interface settings
12 Remote monitoring of Zabbix stats
13 Configuring Kerberos with Zabbix
14 modbus.get parameters
15 Creating custom performance counter names for VMware
16 Return values for system.sw.packages.get
17 Return values for net.dns.get
1 Foreach functions
2 Bitwise functions
3 Date and time functions
4 History functions
5 Trend functions
6 Mathematical functions
7 Operator functions
8 Prediction functions
9 String functions
1 Supported macros
2 User macros supported by location
8 Unit symbols
9 Time period syntax
10 Command execution
11 Version compatibility
12 Database error handling
13 Zabbix sender dynamic link library for Windows
14 Python library for Zabbix API
15 Service monitoring upgrade
16 Other issues
17 Agent vs agent 2 comparison
18 Escaping examples
1 Monitor Linux with Zabbix agent
2 Monitor Windows with Zabbix agent
3 Monitor Apache via HTTP
4 Monitor MySQL with Zabbix agent 2
5 Monitor VMware with Zabbix
6 Monitor network traffic with Zabbix
7 Monitor network traffic using active checks
manifest.json
Actions
Views
Assets
Register a new module
Configuration
Presentation
Create a module (tutorial)
Create a widget (tutorial)
Examples
Examples
Create a plugin (tutorial)
Plugin interfaces
Changes to extension development
zabbix_agent2
zabbix_agentd
zabbix_get
zabbix_js
zabbix_proxy
zabbix_sender
zabbix_server
zabbix_web_service

2 Streaming to external systems

Overview

It is possible to stream item values and events from Zabbix to external systems over HTTP (see protocol details).

The tag filter can be used to stream subsets of item values or events.

Two Zabbix server processes are responsible for data streaming: connector manager and connector worker. A Zabbix internal item zabbix[connector_queue] allows to monitor the count of values enqueued in the connector queue.

Configuration

The following steps are required to configure data streaming to an external system:

1. Have a remote system set up for receiving data from Zabbix. For this purpose, the following tools are available:

  • An example of a simple receiver that logs the received information in events.ndjson and history.ndjson files.
  • Kafka connector for Zabbix server - a lightweight server written in Go, designed to forward item values and events from a Zabbix server to a Kafka broker.

2. Set the required number of connector workers in Zabbix by adjusting the StartConnectors parameter in zabbix_server.conf. The number of connector workers should match (or exceed if concurrent sessions are more than 1) the configured connector count in Zabbix frontend. Then, restart Zabbix server.

3. Configure a new connector in Zabbix frontend (AdministrationGeneralConnectors) and reload the server cache with the zabbix_server -R config_cache_reload command.

Mandatory fields are marked by an asterisk.

Parameter Description
Name Enter the connector name.
Data type Select the data type to stream:
Item values - stream item values from Zabbix to external systems;
Events - stream events from Zabbix to external systems.
URL Enter the receiver URL. User macros are supported.
Tag filter Export only item values or events matching the tag filter. If not set, then export everything.
It is possible to include as well as exclude specific tags and tag values. Several conditions can be set. Tag name matching is always case-sensitive.

There are several operators available for each condition:
Exists - include the specified tag names;
Equals - include the specified tag names and values (case-sensitive);
Contains - include the specified tag names where the tag values contain the entered string (substring match, case-insensitive);
Does not exist - exclude the specified tag names;
Does not equal - exclude the specified tag names and values (case-sensitive);
Does not contain - exclude the specified tag names where the tag values contain the entered string (substring match, case-insensitive).

There are two calculation types for conditions:
And/Or - all conditions must be met, conditions having the same tag name will be grouped by the Or condition;
Or - enough if one condition is met.
Type of information Select the type of information (numeric (unsigned), numeric (float), character, etc.), by which to filter the item values that the connector should stream.
This field is available if Data type is set to "Item values".
HTTP authentication Select the authentication option:
None - no authentication used;
Basic - basic authentication is used;
NTLM - NTLM (Windows NT LAN Manager) authentication is used;
Kerberos - Kerberos authentication is used (see also: Configuring Kerberos with Zabbix);
Digest - Digest authentication is used;
Bearer - Bearer authentication is used.
Username Enter the user name (up to 255 characters). User macros are supported.
This field is available if HTTP authentication is set to "Basic", "NTLM", "Kerberos", or "Digest".
Password Enter the user password (up to 255 characters). User macros are supported.
This field is available if HTTP authentication is set to "Basic", "NTLM", "Kerberos", or "Digest".
Bearer token Enter the Bearer token. User macros are supported.
This field is available and required if HTTP authentication is set to "Bearer".
Advanced configuration Click the Advanced configuration label to display advanced configuration options (see below).
Max records per message Specify the maximum number of values or events that can be streamed within one message.
Concurrent sessions Select the number of sender processes to run for this connector. Up to 100 sessions can be specified; the default value is "1".
Attempts Number of attempts for streaming data. Up to 5 attempts can be specified; the default value is "1".
Attempt interval Specify how long the connector should wait after an unsuccessful attempt to stream data. Up to 10s can be specified; the default value is "5s".
This field is available if Attempts is set to "2" or more.
Unsuccessful attempts are those where establishing a connection has failed, or where the HTTP response code is not 200. Retries are triggered in case of communication errors or when the HTTP response code is not 200, 400, 401, 403, 404, 405, 415, 422. Redirects are followed, so 302 -> 200 is a positive response; whereas 302 -> 503 will trigger a retry.
Timeout Specify the message timeout (1-60 seconds, default - 5 seconds).
Time suffixes are supported, e.g., 30s, 1m. User macros are supported.
HTTP proxy You can specify an HTTP proxy to use in the following format:
[protocol://][username[:password]@]proxy.example.com[:port]
User macros are supported.

The optional protocol:// prefix may be used to specify alternative proxy protocols (the protocol prefix support was added in cURL 7.21.7). With no protocol specified, the proxy will be treated as an HTTP proxy. By default, 1080 port will be used.

If HTTP proxy is specified, the proxy will overwrite proxy related environment variables like http_proxy, HTTPS_PROXY. If not specified, the proxy will not overwrite proxy-related environment variables. The entered value is passed on as is, no sanity checking takes place.
You may also enter a SOCKS proxy address. If you specify the wrong protocol, the connection will fail and the item will become unsupported.

Note that only simple authentication is supported with HTTP proxy.
SSL verify peer Mark the checkbox to verify the SSL certificate of the web server.
The server certificate will be automatically taken from system-wide certificate authority (CA) location. You can override the location of CA files using Zabbix server or proxy configuration parameter SSLCALocation.
SSL verify host Mark the checkbox to verify that the Common Name field or the Subject Alternate Name field of the web server certificate matches.
This sets the CURLOPT_SSL_VERIFYHOST cURL option.
SSL certificate file Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format. User macros are supported.
If the certificate file also contains the private key, leave the SSL key file field empty. If the key is encrypted, specify the password in the SSL key password field. The directory containing this file is specified by Zabbix server or proxy configuration parameter SSLCertLocation.
SSL key file Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format. User macros are supported.
The directory containing this file is specified by Zabbix server or proxy configuration parameter SSLKeyLocation.
SSL key password SSL private key file password. User macros are supported.
Description Enter the connector description.
Enabled Mark the checkbox to enable the connector.

Protocol

Communication between the server and the receiver is done over HTTP using REST API, NDJSON, "Content-Type: application/x-ndjson".

For more details, see Newline-delimited JSON export protocol.

Server request

Example of streaming item values:

POST /v1/history HTTP/1.1
       Host: localhost:8080
       Accept: */*
       Accept-Encoding: deflate, gzip, br, zstd
       Content-Length: 628
       Content-Type: application/x-ndjson
        
       {"host":{"host":"Zabbix server","name":"Zabbix server"},"groups":["Zabbix servers"],"item_tags":[{"tag":"foo","value":"test"}],"itemid":44457,"name":"foo","clock":1673454303,"ns":800155804,"value":0,"type":3}
       {"host":{"host":"Zabbix server","name":"Zabbix server"},"groups":["Zabbix servers"],"item_tags":[{"tag":"foo","value":"test"}],"itemid":44457,"name":"foo","clock":1673454303,"ns":832290669,"value":1,"type":3}
       {"host":{"host":"Zabbix server","name":"Zabbix server"},"groups":["Zabbix servers"],"item_tags":[{"tag":"bar","value":"test"}],"itemid":44458,"name":"bar","clock":1673454303,"ns":867770366,"value":123,"type":3}

Example of streaming events:

POST /v1/events HTTP/1.1
       Host: localhost:8080
       Accept: */*
       Accept-Encoding: deflate, gzip, br, zstd
       Content-Length: 333
       Content-Type: application/x-ndjson
        
       {"clock":1673454303,"ns":800155804,"value":1,"eventid":5,"name":"trigger for foo being 0","severity":0,"hosts":[{"host":"Zabbix server","name":"Zabbix server"}],"groups":["Zabbix servers"],"tags":[{"tag":"foo_trig","value":"test"},{"tag":"foo","value":"test"}]}
       {"clock":1673454303,"ns":832290669,"value":0,"eventid":6,"p_eventid":5}
Receiver response

The response consists of the HTTP response status code and the JSON payload. The HTTP response status code must be "200" for requests that were handled successfully, other for failed requests.

Example of success:

localhost:8080/v1/history": HTTP/1.1 200 OK
       Date: Wed, 11 Jan 2023 16:40:30 GMT
       Content-Length: 0

Example with errors:

localhost:8080/v1/history": HTTP/1.1 422 Unprocessable Entity
       Content-Type: application/json
       Date: Wed, 11 Jan 2023 17:07:36 GMT
       Content-Length: 55
        
       {"error":"invalid character '{' after top-level value"}
© 2001-2024 by Zabbix SIA. All rights reserved.
Except where otherwise noted, Zabbix Documentation is licensed under the following license
Trademark Policy