Problem detection in Zabbix is based on triggers.
A trigger describes the problem condition, allowing Zabbix to react if the problem happens.
The full workflow of problem detection is:
Make sure you have an item collecting data.
Define the trigger for this item. Without a trigger, Zabbix just collects data, but never reacts on it.
Observe detected problems:
Receive notifications, execute remote commands (if defined).
Note that official Zabbix templates contain pre-defined triggers. See guide for applying template to monitor Linux.
A trigger describes the problem condition, by means of the trigger expression.
The problem condition, when it occurs in real life, is when the trigger "fires" (a problem is created in Zabbix).
The problem condition can be based on the latest value, the average value, a discovered string, and many other functions. Triggers cannot be created for items returning binary values.
A simple trigger expression calculates the function (for example, max() for the maximum value) for the data specified in parentheses (typically data item and time window), and then compares this calculation to a threshold.
For example:
This trigger fires if free disk space, measured over 5 minutes, has constantly been under 10 GB.
A trigger may have the following states:
| Trigger state | Description | In Zabbix |
|---|---|---|
| OK | Trigger expression has evaluated to "0" (or FALSE) | No problem created Problem is resolved (if existed) |
| Problem | Trigger expression has evaluated to "1" (or TRUE) | Problem is created |
Sometimes the trigger expression evaluation is not possible for some reason. See Unknown expression state.
Other resources:
トリガーは、Zabbixサーバーが式の一部である新しい値を受信するたびに再計算されます。新しい値が受信されると、式に含まれる各関数が再計算されます(新しい値を受信した関数だけでなく)。
さらに、トリガーは新しい値が受信されるたびに、および式に日付と時刻やnodata()関数が使用されている場合は30秒ごとに再計算されます。
日付と時刻やnodata()関数は、Zabbixのhistory syncerプロセスによって30秒ごとに再計算されます。
トレンド関数のみを参照するトリガーは、式内の最小の時間間隔ごとに1回評価されます。トレンド関数も参照してください。