Trigger correlations
Hi,
I'm new to the forum but I used Zabbix since version 2.0.
I have the following requirement in my team to correlate triggers based on some rules:
- If a trigger is raised for a number of times X in a time window T
- If the same trigger is raised on multiple hosts
- If a trigger is not resolved in a time window T
Based on the above rules, the requirement is to elevate the trigger level or to raise a different trigger.
1. From what I read in the documentation I could not find any way (except manual intervention via ACK) to change the trigger level. Is this correct ?
2. I could write some external application/script to be executed on a trigger event (action/event source: triggers) and I could apply this rule in the external application. The I would have to feed the result of correlation back to Zabbix via an item related to the source trigger. Based on that new item I could create a new trigger that would count the number of events (the new item would be updated at interval T corresponding to the time window required) and will be raised if X events happened. Is there a way to generate the new item and related trigger automatically on discovery items ? I would need a way to configure a item prototype based on the trigger name/id to be unique and related to the respective trigger.
3. Is there a way to count the number of identical triggers in problem state on multiple hosts (or in a host group) and raise a trigger on that condition ?
The implementation of the rules above must not use any "hack" using the database directly or define items on the fly using the API by an external application. The only external processing that can be done is described at point 2)
The current Zabbix configuration has about 50k items across 200 servers and about 11k triggers, 90% of the items and triggers are generated via low level discovery using external scrips. This installation is monitoring applications and OS level items (cpu, memory, mountpoints space), not devices/servers.
Thank you.
Zabbix 4.0.15/ Solaris 10 SPARC/MySQL 5.7.16
I'm new to the forum but I used Zabbix since version 2.0.
I have the following requirement in my team to correlate triggers based on some rules:
- If a trigger is raised for a number of times X in a time window T
- If the same trigger is raised on multiple hosts
- If a trigger is not resolved in a time window T
Based on the above rules, the requirement is to elevate the trigger level or to raise a different trigger.
1. From what I read in the documentation I could not find any way (except manual intervention via ACK) to change the trigger level. Is this correct ?
2. I could write some external application/script to be executed on a trigger event (action/event source: triggers) and I could apply this rule in the external application. The I would have to feed the result of correlation back to Zabbix via an item related to the source trigger. Based on that new item I could create a new trigger that would count the number of events (the new item would be updated at interval T corresponding to the time window required) and will be raised if X events happened. Is there a way to generate the new item and related trigger automatically on discovery items ? I would need a way to configure a item prototype based on the trigger name/id to be unique and related to the respective trigger.
3. Is there a way to count the number of identical triggers in problem state on multiple hosts (or in a host group) and raise a trigger on that condition ?
The implementation of the rules above must not use any "hack" using the database directly or define items on the fly using the API by an external application. The only external processing that can be done is described at point 2)
The current Zabbix configuration has about 50k items across 200 servers and about 11k triggers, 90% of the items and triggers are generated via low level discovery using external scrips. This installation is monitoring applications and OS level items (cpu, memory, mountpoints space), not devices/servers.
Thank you.
Zabbix 4.0.15/ Solaris 10 SPARC/MySQL 5.7.16
Comment