Does anyone have any advice here? I haven't found a solution yet.

When did the alert trigger, precisely?

If I looked at the chart, between 4:00:00 and 4:00:29 or so I think the query is valid. You are checking if the current time is between 4 and 5, but if the prior hour's data (as of that time) is max zero. If there was a data item polled then, I think it would be true?

If you are trying to check if all values between 4am and 5am are zero you need something different (I'm not quite sure what, frankly, but different -- maybe that check fires only at 5am (though you have to be sure there is a poll at that time if you try isolating it to a specific time to check; the evaluation is made at polling not at a specific time of day).

I just want a trigger that:
If there hasn't been any traffic between 4am and 5am, then trigger an alert. Else all good.

The alert triggered at 04:30am and it got recovered 1 second later (04:31am).

I can't explain it then. But I think the trigger itself is written incorrectly, remember it is going to be evaluated at each poll, so (for example) when it is evaluated at 4:15, it will look back to see if there are max zero from 3:15 to 4:15, because the current time is between 4 and 5. It's not a query, i.e. the 4-5 portion is not a where clause for selection.

What makes your request difficult is the need to look at a particular hour; most zabbix usage for triggers looks at relative time -- the prior X minutes. So it's relatively easy to tell if the prior hour had max zero.

Related question: A trigger generally is supposed to have something that clears it, so that the alert condition goes away. What clears your trigger?

To do what I think you need some kind of a kludge. Say you poll ever 2 minutes.

If the trigger is not now set, and the time is between 5:00 and 5:03, max(60m) = zero OR
if the trigger is now set, and the time is between 5 and 6.

So if there is no current alert it will check once at a poll near 5am (+/- 1 minute to make sure you catch a poll every 2), and evaluate your condition and trigger (or not). If it triggers, it just keeps triggering until 6am then resets.

But... I'm not sure that is really what you want?

The problem here is that.. I already have a trigger like that working for another device. And it works pretty good!

I think the issue here is that for this particularly case, the traffic happens before 4am(3:59am):


It just doesn't make any sense to me... why for the other device it works? it has to be something wrong I am doing....

Cheers!

well.... If I only had kept my mouth shut.... now this alert that WAS working was triggered last night... so that means the expression I am using is wrong...

any idea guys?

I got that time function from here.

That trigger says that during the 0000-0600 time frame, every time the system polls it looks back 5 minutes and triggers based on that 5 minutes load.

Your requirement, if I understand you correctly, is to evaluate a specific window for time, not to evaluate DURING a specific window of time.

okay.. so... do you have any tips on how to do that? I ran out of ideas here

I suggested one above, you have to plan for when the first poll will hit once the hour is complete, so the TIME check will first check just after that hour ends. The problem is I see no way to keep the check active beyond that single pole, because each additional poll advances the window (due to the relative nature of the item selection in the 60m time frame), so you can only check once, alert, then the alert automatically will need to clear.

Hi,


What about scheduling intervals? If we adjust item to monitor only 1 hour at night?

If I understand your requirement (and I might not), it's not really a hit, though it may be useful.

Everything in zabbix that I can think of is about polling. So scheduling intervals are the same -- you want to poll during 4-5 am (let's say) you could schedule that, but each poll will do an evaluation of the trigger. What you want (right?) is to poll during that time, and only evaluate the trigger once at the end of that period.

Maybe you could use two items, one polls continually, one is a calculated item that polls in a custom interval only at 5:01am, and it calculates the sum over the prior hour. Then the trigger is based solely on this new calculated item (and so is only evaluated at 5:01am).

Maybe something like that?

All I want is to only trigger an alert in a time period. That shouldn't be THAT hard to do in Zabbix... I might write a script (it seems to be easier this way) for that.

I was reading about it and it looks like something that would work.... but for that I'd need to create another Item, which is not really something I wanna do... I want to be able to use the item that I've already got there.


Yeah.. but again... Imagine how many new "Items" I'd need to create..... isn't there any other solution for this, really? none trigger expressions you guys could think of?

Also when I create another Item I get the message: