Documentation

You are viewing documentation for the development version, it may be incomplete.
Join our translation project and help translate Zabbix documentation into your native language.
1 Web interface installation
1 Login and configuring user
2 New host
3 New item
4 New trigger
5 Receiving problem notification
6 New template
Apache web server monitoring
Linux server monitoring
MySQL server monitoring
Building Zabbix agent 2 on Windows
Building Zabbix agent on macOS
Building Zabbix agent on Windows
Installation from containers
Installation from sources
macOS agent installation from PKG
Notes on installation from packages
Windows agent installation from MSI
Debian/Ubuntu
Red Hat Enterprise Linux
Upgrade from containers
Upgrade from sources
Upgrade issues
Template changes
Upgrade notes for Zabbix 8.0.x
Known issues
Requirements
What's new in Zabbix 8.0.x
3 Zabbix appliance
1 High availability
2 Agent
3 Agent 2
4 Proxy
1 Setup from sources
2 Setup from RHEL packages
3 Setup from Debian/Ubuntu packages
6 Sender
7 Get
8 JS
9 Web service
1 Host Wizard
2 Configuring a host
3 Configuring a host group
4 Inventory
5 Mass update
1 Item key format
2 Custom intervals
1 Preprocessing testing
2 Preprocessing details
3 Preprocessing examples
1 Escaping special characters from LLD macro values in JSONPath
1 Additional JavaScript objects
2 Browser item JavaScript objects
6 CSV to JSON preprocessing
1 Zabbix agent 2
2 Windows Zabbix agent
1 Dynamic indexes
2 Special OIDs
3 MIB files
3 SNMP traps
4 IPMI checks
1 VMware monitoring item keys
6 Log file monitoring
1 Aggregate calculations
8 Internal checks
9 SSH checks
10 Telnet checks
11 External checks
12 Trapper items
13 JMX monitoring
14 ODBC monitoring
15 Dependent items
16 HTTP agent
17 Prometheus checks
18 Script items
19 Browser items
4 History and trends
1 Extending Zabbix agents
6 Windows performance counters
7 Mass update
8 Value mapping
9 Queue
10 Value cache
11 Execute now
12 Restricting agent checks
1 Trigger examples
2 Configuring a trigger
Foreach functions
2 Bitwise functions
3 Date and time functions
4 History functions
5 Trend functions
6 Mathematical functions
7 Operator functions
Predictive trigger functions
9 String functions
Trigger dependencies
Trigger severity
1 Trigger event generation
2 Other event sources
3 Manual closing of problems
1 Trigger-based event correlation
2 Global event correlation
6 Tagging
1 Simple graphs
2 Custom graphs
3 Ad-hoc graphs
4 Aggregation in graphs
1 Configuring a network map
2 Host group elements
3 Link indicators
3 Dashboards
1 Configuring a template
2 Configuring a template group
3 Linking/unlinking
4 Nesting
5 Mass update
1 Zabbix agent template operation
2 Zabbix agent 2 template operation
3 HTTP template operation
4 IPMI template operation
5 JMX template operation
6 ODBC template operation
7 Standardized templates for network devices
8 VMware template operation
1 Automated Gmail/Office365 media types
2 SMS
3 Custom alert scripts
1 Webhook script examples
1 Conditions
1 Sending message
2 Remote commands
3 Additional operations
4 Using macros in messages
3 Recovery operations
4 Update operations
5 Escalations
3 Receiving notification on unsupported items
1 Macro functions
2 User macros
3 User macros with context
4 Secret user macros
5 Low-level discovery macros
6 Expression macros
1 Configuring a user
2 Permissions
3 User groups
1 CyberArk configuration
2 HashiCorp configuration
14 Scheduled reports
1 Export to files
2 Streaming to external systems
3 SNMP gateway
1 Service tree
2 SLA
3 Setup example
1 Web monitoring items
2 Real-life scenario
1 VMware monitoring item keys
2 Virtual machine discovery key fields
3 JSON examples for VMware items
4 VMware monitoring setup example
9 Maintenance
10 Regular expressions
1 Problem suppression
1 Template groups
2 Host groups
3 Templates
4 Hosts
5 Network maps
6 Media types
1 Configuring a network discovery rule
2 Active agent autoregistration
1 Item prototypes
2 Trigger prototypes
3 Graph prototypes
4 Host prototypes
5 Discovery prototypes
6 Notes on low-level discovery
1 Discovery of mounted filesystems
2 Discovery of network interfaces
3 Discovery of CPUs and CPU cores
4 Discovery of SNMP OIDs
5 Discovery of SNMP OIDs (legacy)
6 Discovery of JMX objects
7 Discovery of IPMI sensors
8 Discovery of systemd services
9 Discovery of Windows services
10 Discovery of Windows performance counter instances
11 Discovery using WMI queries
12 Discovery using ODBC SQL queries
13 Discovery using Prometheus data
14 Discovery of block devices
15 Discovery of host interfaces in Zabbix
8 Custom LLD rules
1 Synchronization of monitoring configuration
2 Proxy load balancing and high availability
1 Using certificates
2 Using pre-shared keys
1 Connection type or permission problems
2 Certificate problems
3 PSK problems
1 Event menu
2 Host menu
3 Item menu
1 Dashboard widgets
1 Action log
2 Clock
3 Discovery status
4 Favorite graphs
5 Favorite maps
6 Gauge
7 Geomap
8 Graph
9 Graph (classic)
10 Graph prototype
11 Honeycomb
12 Host availability
13 Host card
14 Host navigator
15 Item card
16 Item history
17 Item navigator
18 Item value
19 Map
20 Map navigation tree
21 Pie chart
22 Problem hosts
23 Problems
24 Problems by severity
25 Scatter plot
26 SLA report
27 System information
28 Top hosts
29 Top items
30 Top triggers
31 Trigger overview
32 URL
33 Web monitoring
1 Cause and symptom problems
1 Graphs
2 Host dashboards
3 Web scenarios
3 Latest data
4 Maps
5 Discovery
1 Services
2 SLA
3 SLA report
1 Overview
2 Hosts
1 System information
2 Scheduled reports
3 Availability report
4 Top 100 triggers
5 Audit log
6 Action log
7 Notifications
1 Template groups
2 Host groups
1 Items
2 Triggers
3 Graphs
1 Item prototypes
2 Trigger prototypes
3 Graph prototypes
4 Host prototypes
5 Discovery prototypes
5 Web scenarios
1 Items
2 Triggers
3 Graphs
1 Item prototypes
2 Trigger prototypes
3 Graph prototypes
4 Host prototypes
5 Discovery prototypes
5 Web scenarios
5 Maintenance
6 Event correlation
7 Discovery
1 Actions
2 Media types
3 Scripts
1 User groups
2 User roles
3 Users
4 API tokens
1 HTTP
2 LDAP
3 SAML
4 MFA
1 General
2 Audit log
3 Housekeeping
4 Proxies
5 Proxy groups
6 Macros
7 Queue
1 Global notifications
2 Sound in browsers
4 Global search
5 Frontend maintenance mode
6 Page parameters
7 Definitions
8 Creating your own theme
9 Debug mode
10 Cookies used by Zabbix
11 Time zones
12 Resetting password
13 Time period and host selectors
1 Securing MySQL/MariaDB
2 Securing PostgreSQL/TimescaleDB
2 Cryptography
3 Web server
2 Configuration best practices
Action object
action.create
action.delete
action.get
action.update
Alert object
alert.get
apiinfo.version
Audit log object
auditlog.get
Authentication object
authentication.get
authentication.update
Autoregistration object
autoregistration.get
autoregistration.update
configuration.export
configuration.import
configuration.importcompare
Connector object
connector.create
connector.delete
connector.get
connector.update
Correlation object
correlation.create
correlation.delete
correlation.get
correlation.update
Dashboard object
dashboard.create
dashboard.delete
dashboard.get
dashboard.update
1 Action log
2 Clock
3 Discovery status
4 Favorite graphs
5 Favorite maps
6 Gauge
7 Geomap
8 Graph
9 Graph (classic)
10 Graph prototype
11 Honeycomb
12 Host availability
13 Host card
14 Host navigator
15 Item card
16 Item history
17 Item navigator
18 Item value
19 Map
20 Map navigation tree
21 Pie chart
22 Problem hosts
23 Problems
24 Problems by severity
25 Scatter plot
26 SLA report
27 System information
28 Top hosts
29 Top items
30 Top triggers
31 Trigger overview
32 URL
33 Web monitoring
Discovered host object
dhost.get
Discovered service object
dservice.get
Discovery check object
dcheck.get
Discovery rule object
drule.create
drule.delete
drule.get
drule.update
Event object
event.acknowledge
event.get
Graph object
graph.create
graph.delete
graph.get
graph.update
Graph item object
graphitem.get
Graph prototype object
graphprototype.create
graphprototype.delete
graphprototype.get
graphprototype.update
High availability node object
hanode.get
History object
history.clear
history.get
history.push
Host object
host.create
host.delete
host.get
host.massadd
host.massremove
host.update
Host group object
hostgroup.create
hostgroup.delete
hostgroup.get
hostgroup.massadd
hostgroup.massremove
hostgroup.propagate
hostgroup.update
Host interface object
hostinterface.create
hostinterface.delete
hostinterface.get
hostinterface.massadd
hostinterface.massremove
hostinterface.update
Host prototype object
hostprototype.create
hostprototype.delete
hostprototype.get
hostprototype.update
Housekeeping object
housekeeping.get
housekeeping.update
Icon map object
iconmap.create
iconmap.delete
iconmap.get
iconmap.update
Image object
image.create
image.delete
image.get
image.update
Item object
item.create
item.delete
item.get
item.update
Item prototype object
itemprototype.create
itemprototype.delete
itemprototype.get
itemprototype.update
LLD rule object
discoveryrule.create
discoveryrule.delete
discoveryrule.get
discoveryrule.update
LLD rule prototype object
discoveryruleprototype.create
discoveryruleprototype.delete
discoveryruleprototype.get
discoveryruleprototype.update
Maintenance object
maintenance.create
maintenance.delete
maintenance.get
maintenance.update
Map object
map.create
map.delete
map.get
map.update
Media type object
mediatype.create
mediatype.delete
mediatype.get
mediatype.update
MFA object
mfa.create
mfa.delete
mfa.get
mfa.update
Module object
module.create
module.delete
module.get
module.update
Problem object
problem.get
Proxy object
proxy.create
proxy.delete
proxy.get
proxy.update
Proxy group object
proxygroup.create
proxygroup.delete
proxygroup.get
proxygroup.update
Regular expression object
regexp.create
regexp.delete
regexp.get
regexp.update
Report object
report.create
report.delete
report.get
report.update
Role object
role.create
role.delete
role.get
role.update
Script object
script.create
script.delete
script.execute
script.get
script.getscriptsbyevents
script.getscriptsbyhosts
script.update
Service object
service.create
service.delete
service.get
service.update
Settings object
settings.get
settings.update
SLA object
sla.create
sla.delete
sla.get
sla.getsli
sla.update
Task object
task.create
task.get
Template object
template.create
template.delete
template.get
template.massadd
template.massremove
template.update
Template dashboard object
templatedashboard.create
templatedashboard.delete
templatedashboard.get
templatedashboard.update
Template group object
templategroup.create
templategroup.delete
templategroup.get
templategroup.massadd
templategroup.massremove
templategroup.propagate
templategroup.update
Token object
token.create
token.delete
token.generate
token.get
token.update
Trend object
trend.get
Trigger object
trigger.create
trigger.delete
trigger.get
trigger.update
Trigger prototype object
triggerprototype.create
triggerprototype.delete
triggerprototype.get
triggerprototype.update
User object
user.checkAuthentication
user.create
user.delete
user.get
user.login
user.logout
user.provision
user.resettotp
user.unblock
user.update
User directory object
userdirectory.create
userdirectory.delete
userdirectory.get
userdirectory.test
userdirectory.update
User group object
usergroup.create
usergroup.delete
usergroup.get
usergroup.update
User macro object
usermacro.create
usermacro.createglobal
usermacro.delete
usermacro.deleteglobal
usermacro.get
usermacro.update
usermacro.updateglobal
Value map object
valuemap.create
valuemap.delete
valuemap.get
valuemap.update
Web scenario object
httptest.create
httptest.delete
httptest.get
httptest.update
Appendix 1. Reference commentary
Appendix 2. Changes from 7.4 to 8.0
Appendix 3. Changes in 8.0
1 Loadable modules
2 Plugins
3 Frontend modules
1 Database creation
2 Repairing Zabbix database character set and collation
3 Database upgrade to primary keys
4 Preparing auditlog table for partitioning
1 MySQL encryption configuration
2 PostgreSQL encryption configuration
6 Secure connection to the frontend
7 TimescaleDB setup
8 Elasticsearch setup
9 Distribution-specific notes on setting up Nginx for Zabbix
10 Running agent as root
11 Zabbix agent on Microsoft Windows
12 SAML setup with Microsoft Entra ID
13 SAML setup with Okta
14 SAML setup with OneLogin
15 Setting up scheduled reports
16 Additional frontend languages
1 Zabbix server
2 Zabbix proxy
3 Zabbix agent (UNIX)
4 Zabbix agent 2 (UNIX)
5 Zabbix agent (Windows)
6 Zabbix agent 2 (Windows)
1 Ceph plugin
2 Docker plugin
3 Ember+ plugin
4 Memcached plugin
5 Modbus plugin
6 MongoDB plugin
7 MQTT plugin
8 MSSQL plugin
9 MySQL plugin
10 NVIDIA GPU plugin
11 Oracle plugin
12 PostgreSQL plugin
13 Redis plugin
14 SMART plugin
8 Zabbix Java gateway
9 Zabbix web service
10 Environment variables
11 Inclusion
1 Server-proxy data exchange protocol
2 Zabbix agent/agent2 protocol
4 Zabbix agent 2 plugin protocol
5 Zabbix sender protocol
6 Header
7 Newline-delimited JSON export protocol
1 vm.memory.size parameters
2 Passive and active agent checks
3 Minimum permission level for Windows agent items
4 Encoding of returned values
5 Large file support
6 Sensor
7 Notes on memtype parameter in proc.mem items
8 Notes on selecting processes in proc.mem and proc.num items
9 Implementation details of net.tcp.service and net.udp.service checks
10 proc.get parameters
11 Unreachable/unavailable host interface settings
12 Remote monitoring of Zabbix stats
13 Configuring Kerberos with Zabbix
14 modbus.get parameters
15 Creating custom performance counter names for VMware
16 Return values for system.sw.packages.get
17 Return values for net.dns.get
18 Notes on system.cpu.util items on Windows
19 Large JSON value support
5 Supported functions
1 Macros supported by location
2 User macros supported by location
7 Unit symbols
8 Time period syntax
9 Command execution
10 Version compatibility
12 Zabbix sender dynamic link library for Windows
13 Service monitoring upgrade
14 Other issues
15 Agent vs agent 2 comparison
16 Escaping examples
1 Monitor Linux with Zabbix agent
2 Monitor Windows with Zabbix agent
3 Monitor Apache via HTTP
4 Monitor MySQL with Zabbix agent 2
5 Monitor VMware with Zabbix
6 Monitor network traffic with Zabbix
7 Monitor network traffic using active checks
8 Monitor websites with Browser items
9 Monitor website certificates with Zabbix agent 2 (passive)
10 Monitor a network switch or router with Zabbix
11 Monitor Windows event log using active checks
What is Zabbix
1 Deploy Zabbix in the cloud
2 Node configuration
3 Adding users
4 Key differences of Zabbix Cloud
manifest.json
Actions
Views
Assets
Register a new module
Configuration
Presentation
Create a module (tutorial)
Create a widget (tutorial)
Examples
Examples
Create a plugin (tutorial)
Plugin interfaces
Installation
Quickstart guide
Use Zabbix API
Collect data from Zabbix agent
Send data to Zabbix server or proxy
Debug logging
Changes to extension development
zabbix_agent2
zabbix_agentd
zabbix_get
zabbix_js
zabbix_proxy
zabbix_sender
zabbix_server
zabbix_web_service

8 Elasticsearch setup

Zabbix can store history data in Elasticsearch as an alternative to a relational database.

The support of Elasticsearch is currently experimental.

This guide covers the setup for Elasticsearch 7.X. If you're using a different version, some functionality may not work as intended.

The setup involves creating an Elasticsearch storage location for each value type, setting up preprocessing (if needed), and connecting Zabbix to your Elasticsearch instance.

Elasticsearch can store the following value types:

Item value type Database table Elasticsearch type
Numeric (unsigned) history_uint uint
Numeric (float) history dbl
Character history_str str
Log history_log log
Text history_text text
Binary history_bin not supported by Zabbix
JSON history_json json

Important notes

  • Elasticsearch requires libcurl. See requirements for details.
  • The housekeeper does not delete data from Elasticsearch.
  • If all history data is stored in Elasticsearch, trends are not calculated or stored in the database. Consider extending the history storage period.
  • When Elasticsearch is used, range queries retrieving values from the database are limited by the timestamp of the data storage period.
  • Elasticsearch is not supported for Zabbix proxy; please use SQLite instead.

If Elasticsearch isn't installed yet, refer to the official installation guide before proceeding.

Configuring Elasticsearch

To store history data in Elasticsearch, you need to:

  • Create an index for each value type you want to store—this is where Elasticsearch stores the data, similar to a table in a relational database.
  • Define a mapping for each index—this defines the structure of the data, similar to a table schema.
  • Set up an ingest pipeline to process values before storage (required for JSON values and date-based indices).

Elasticsearch can store data in a single index per value type, or across multiple date-based indices. Both approaches are described below.

Storing history in a single index

In this approach, all history data for a given value type is written to a single index (e.g., uint or text).

To create an index for the Numeric (unsigned) value type, send the following request (with /uint in the URL) to your Elasticsearch instance:

curl -X PUT \
        http://localhost:9200/uint \
        -H 'content-type:application/json' \
        -d '{
            "settings": {
             "index": {
                "number_of_replicas": 1,
                "number_of_shards": 5
             }
          },
          "mappings": {
             "properties": {
                "itemid": { "type": "long" },
                "clock": { "format": "epoch_second", "type": "date" },
                "value": { "type": "long" }
             }
          }
       }'

Elasticsearch will respond with a confirmation that the index was created:

{"acknowledged": true, "shards_acknowledged": true, "index": "uint"}

Similar requests must be sent for each additional value type you want to store in Elasticsearch.

Mappings for all value types are available in the Zabbix source repository.

For example, to create an index for the Text value type:

curl -X PUT \
        http://localhost:9200/text \
        -H 'content-type:application/json' \
        -d '{
          "settings": {
             "index": {
                "number_of_replicas": 1,
                "number_of_shards": 5
             }
          },
          "mappings": {
             "properties": {
                "itemid": { "type": "long" },
                "clock": { "format": "epoch_second", "type": "date" },
                "value": {
                   "fields": {
                      "analyzed": { "index": true, "type": "text", "analyzer": "standard" }
                   },
                   "index": false,
                   "type": "text"
                }
             }
          }
       }'
JSON value type

Unlike other value types, JSON values require additional processing before storage.

The index below uses separate fields for parsed and raw values, so an ingest pipeline is needed to parse each value as JSON and store it in the correct field.

To create an index for the JSON value type, send the following request (with /json in the URL) to your Elasticsearch instance.

curl -X PUT \
        http://localhost:9200/json \
        -H 'content-type:application/json' \
        -d '{
          "settings": {
             "number_of_shards": 5,
             "number_of_replicas": 1
          },
          "mappings": {
             "dynamic": false,
             "properties": {
                "itemid": { "type": "long" },
                "clock": { "type": "date", "format": "epoch_second" },
                "ns": { "type": "long" },
                "value_parsed": { "type": "flattened" },
                "value_raw": { "type": "keyword", "ignore_above": 1000000 }
           }
         }
       }'

Then, create the ingest pipeline:

curl -X PUT \
        http://localhost:9200/_ingest/pipeline/json \
        -H 'content-type:application/json' \
        -d '{
          "processors": [
             {
                "json": {
                   "field": "value",
                   "target_field": "value_parsed",
                   "ignore_failure": true
                }
             },
             {
                "set": {
                   "if": "ctx.value_parsed == null",
                   "field": "value_raw",
                   "value": "{{{ value }}}"
                }
             }
          ],
          "on_failure": [
             {
                "set": {
                   "field": "value_raw",
                   "value": "{{{ value }}}"
                }
             }
          ]
       }'

Elasticsearch will respond with a confirmation that the ingest pipeline was created:

{"acknowledged": true}

Storing history in date-based indices

Instead of writing all history data to a single index (e.g., uint), Elasticsearch can distribute this data across multiple date-based indices (e.g., uint-2026-01-01, uint-2026-01-02). This makes it easier to manage data volume and retention over time.

To enable this, you need to:

  • Create an index template for each value type you want to store—this tells Elasticsearch what mapping to apply when it automatically creates a new date-based index.
  • Create an ingest pipeline for each value type—it processes each incoming value and routes it to the correct date-based index.
  • Configure the HistoryStorageDateIndex parameter in the Zabbix server configuration file—this enables storing values in multiple date-based indices.
Index templates

To create a template for the text index, send a request with the following details:

  • Use _template/text_template in the URL of your Elasticsearch instance.
  • Use "text*" in the "index_patterns" field to match the index name.
  • Use a mapping for the text value type (see mappings in the Zabbix source repository).
curl -X PUT \
        http://localhost:9200/_template/text_template \
        -H 'content-type:application/json' \
        -d '{
          "index_patterns": [ "text*" ],
          "settings": {
             "index": {
                "number_of_replicas": 1,
                "number_of_shards": 5
             }
          },
          "mappings": {
             "properties": {
                "itemid": { "type": "long" },
                "clock": { "format": "epoch_second", "type": "date" },
                "value": {
                   "fields": {
                      "analyzed": { "index": true, "type": "text", "analyzer": "standard" }
                   },
                   "index": false,
                   "type": "text"
                }
             }
          }
       }'

Template for the json index:

curl -X PUT \
        http://localhost:9200/_template/json_template \
        -H 'content-type:application/json' \
        -d '{
          "index_patterns": [ "json*" ],
          "settings": {
             "number_of_shards": 5,
             "number_of_replicas": 1
          },
          "mappings": {
             "dynamic": false,
             "properties": {
                "itemid": { "type": "long" },
                "clock": { "type": "date", "format": "epoch_second" },
                "ns": { "type": "long" },
                "value_parsed": { "type": "flattened" },
                "value_raw": { "type": "keyword", "ignore_above": 1000000 }
             }
          }
       }'
Ingest pipelines

To create an ingest pipeline for the text index:

  • Use _ingest/pipeline/text-pipeline in the URL of your Elasticsearch instance.
  • Include a date_index_name processor to route each value to the correct date-based index based on its timestamp.
curl -X PUT \
        http://localhost:9200/_ingest/pipeline/text-pipeline \
        -H 'content-type:application/json' \
        -d '{
          "description": "daily text index naming",
          "processors": [
             {
                "date_index_name": {
                   "field": "clock",
                   "date_formats": ["UNIX"],
                   "index_name_prefix": "text-",
                   "date_rounding": "d"
                }
             }
          ]
       }'

For the json index, the pipeline also needs to parse the JSON value before routing it to the correct index:

curl -X PUT \
        http://localhost:9200/_ingest/pipeline/json-pipeline \
        -H 'content-type:application/json' \
        -d '{
          "description": "daily json index naming"
          "processors": [
             {
                "json": {
                   "field": "value",
                   "target_field": "value_parsed",
                   "ignore_failure": true
                }
             },
             {
                "script": {
                   "source": "if (ctx.value_parsed == null || !(ctx.value_parsed instanceof Map)) { ctx.value_raw = ctx.value; ctx.remove(\"value_parsed\"); }"
                }
             },
             {
                "date_index_name": {
                   "field": "clock",
                   "date_formats": [ "UNIX" ],
                   "index_name_prefix": "json-",
                   "date_rounding": "d"
                }
             }
          ]
       }'

Configuring Zabbix server

In your Zabbix server configuration file (zabbix_server.conf), set the following parameters:

For example, to store Character, Log, Text, and JSON type values in Elasticsearch (while keeping Numeric values in a database):

HistoryStorageURL=http://localhost:9200
       HistoryStorageTypes=str,log,text,json

If you're using date-based indices for all values stored in Elasticsearch, also set the HistoryStorageDateIndex parameter:

HistoryStorageDateIndex=1

After making changes, restart Zabbix server:

systemctl restart zabbix-server

Configuring Zabbix frontend

In your Zabbix frontend configuration file (zabbix.conf.php), declare $HISTORY as a global variable and set its url and types values to match the server configuration:

// Zabbix GUI configuration file.
       global $DB, $HISTORY;
       
       $HISTORY['url']   = 'http://localhost:9200';
       $HISTORY['types'] = ['str', 'log', 'text', 'json'];

Troubleshooting

The following steps may help you troubleshoot problems with your Elasticsearch setup:

  1. Verify that auto_create_index is enabled:
curl -X GET \
        "http://localhost:9200/_cluster/settings?include_defaults=true&filter_path=**.auto_create_index"
       
       # {"defaults": {"action": {"auto_create_index": "false"} } }

To enable it, send the following request:

curl -X PUT \
        http://localhost:9200/_cluster/settings \
        -H 'content-type:application/json' \
        -d '{
          "persistent": {
             "action.auto_create_index": "true"
          }
       }'
       
       # {"acknowledged": true, "persistent": {"action": {"auto_create_index": "true"} }, "transient": {} }
  1. Verify that mappings, templates, and ingest pipelines are correct by sending GET requests to their respective URLs:
curl -X GET http://localhost:9200/json
       curl -X GET http://localhost:9200/_template/json*
       curl -X GET http://localhost:9200/_ingest/pipeline/json*

You can compare received responses with expected responses in the Elasticsearch API documentation.

  1. Check if any shards are in a failed state; restarting Elasticsearch may resolve this.

  2. Verify that your Elasticsearch configuration allows access from Zabbix server and Zabbix frontend.

  3. Use the LogSlowQueries Zabbix server configuration parameter to identify slow queries.

  4. Check the Elasticsearch logs for errors.

  5. If you need to reset your Elasticsearch setup and start over, you can delete all indices, templates, and ingest pipelines:

curl -X DELETE "http://localhost:9200/_all"
       curl -X DELETE "http://localhost:9200/_template/*"
       curl -X DELETE "http://localhost:9200/_ingest/pipeline/*"
© 2001-2026 by Zabbix SIA. All rights reserved.
Except where otherwise noted, Zabbix Documentation is licensed under the following license
Trademark Policy