Hello,
I'm setting up a template to monitor an event log entry for a Windows host using the active agent.
The item for the template is as follows.
The logs are being detected correctly.
![Click image for larger version
Name: 2020-04-28 18_16_50-History [refreshed every 30 sec.] and 5 more pages - Work - Microsoft Edge.png
Views: 3398
Size: 22.6 KB
ID: 400253](filedata/fetch?id=400253&d=1588054704)
What I would like to setup is a trigger if the event is logged, but only log this once since this event can fire continuously.
If no new events are logged in 1 hour, then the problem should be marked as resolved.
At the moment, each server is reporting the same error multiple times.
Is the problem expression correct? I'm not filtering the data, since I'm doing that in the item.
Is the recovery expression the correct way to make something OK or should it be in the problem expression? e.g. trigger warning if there is an event and it's less than 1 hour old? Once it's been over 1 hour and there are no new events, it gets marked as resolved.
Thank you for your time.
I'm setting up a template to monitor an event log entry for a Windows host using the active agent.
The item for the template is as follows.
The logs are being detected correctly.
What I would like to setup is a trigger if the event is logged, but only log this once since this event can fire continuously.
If no new events are logged in 1 hour, then the problem should be marked as resolved.
At the moment, each server is reporting the same error multiple times.
Is the problem expression correct? I'm not filtering the data, since I'm doing that in the item.
Is the recovery expression the correct way to make something OK or should it be in the problem expression? e.g. trigger warning if there is an event and it's less than 1 hour old? Once it's been over 1 hour and there are no new events, it gets marked as resolved.
Thank you for your time.
Comment