Ad Widget

Collapse

Negate eventid in eventlog key

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • javier.andres
    Junior Member
    • Apr 2010
    • 5
    #1

    Negate eventid in eventlog key

    Hello,

    I have got a little problem with the key eventlog...

    I would like to catch all Windows System events less the 7035 and 7036 eventids.

    I have tried to use the folllowing expression:

    eventlog[System,,,,(^7035) | (^7036)]

    But it doesn't work...

    Does anyone know the correct way to do it?

    Thanks,
    Last edited by javier.andres; 20-10-2010, 14:17.
    Tags: None
    • zalex_ua
      Senior Member
      Zabbix Certified Trainer
      Zabbix Certified SpecialistZabbix Certified Professional
      • Oct 2009
      • 1286
      #2
      I have biggest experience with eventlog monitoring. See my related issue on the tracker - this is very useful for you. 1 2 3
      Feel free to vote.

      Originally posted by javier.andres
      I would like to catch all Windows System events less the 7035 and 7036 eventids.
      Very interestedly why?

      Originally posted by javier.andres
      I have tried to use the folllowing expression:

      eventlog[System,,,,(^7035) | (^7036)]
      This is not expression, this is an Item key with filtering by Agent side !!! More simply and correctly:
      Code:
      eventlog[System,,,,7035|7036]
      This is key return only events with (like) ID 7035 and 7036 from Agent.

      Originally posted by javier.andres
      Does anyone know the correct way to do it?
      Do make simple trigger for this events (with any severity levels) with expression:
      Code:
      {YouHost:eventlog[System,,,,7035|7036].logseverity(0)}>0
      Last edited by zalex_ua; 21-10-2010, 02:29.

        Comment

        • javier.andres
          Junior Member
          • Apr 2010
          • 5
          #3
          Hello zalex_ua,

          7035 and 7036 are two examples... When you monitor a Windows computer, it is possible that this operating system returns some events which are not interesting for you, for example because there is a known situation that generates some problem, which is controlled but you cannot fix...

          For that reason it is necessary in some cases to be able to catch all events less a few which are not interesting for you.

          I already knew that the key item eventlog[System,,,,7035|7036] returns me only the 7035 and 7036 events, but I need a key item or trigger that returns me all System events less the 7035 and 7036 IDs... and the problem is that I don't know how to make it...

          The solution that you propose only gives back these two events and I need all events less these two...

          Thanks for your response!

            Comment

            • zalex_ua
              Senior Member
              Zabbix Certified Trainer
              Zabbix Certified SpecialistZabbix Certified Professional
              • Oct 2009
              • 1286
              #4
              Originally posted by javier.andres
              Hello zalex_ua,

              but I need a key item or trigger that returns me all System events less the 7035 and 7036 IDs... and the problem is that I don't know how to make it...
              try to use regexp:
              Code:
              ^([1-6]?[0-9]{0,3}|70[0-2][0-9]|703[0-6])$

                Comment

                Previous template Next
                Working...