Ad Widget

**tim.mooney** · 01-10-2021, 08:15

Is it configured as an "Active" check? That's required for log[].

See:

https://www.zabbix.com/documentation/current/manual/config/items/itemtypes/zabbix_agent

**pmurtey** · 01-10-2021, 16:13

Hi Tim, Yes it is set to ZABBIX agent(active)

**tim.mooney** · 06-10-2021, 07:28

I'm not sure then what the problem is, but since you only care about whether the error has occurred or not, I would probably change my approach a little and either switch from log[] to log.count[] or stay with log[]/logrt[] and use str(ERROR,10m) instead of nodata(). Log with str() is a bit redundant, but it may give you better results. I would probably try log.count[] first.

**pmurtey** · 16-11-2021, 20:23

Okay , we have a log file monitor working correctly. it is - {vmdou02p:log[/data01/application/logs/GatewayService.log,"5XX status code",,,skip,,].nodata(120m)}=0 This log monitor trigger detects the first occurrence of the expression and not clear until there are no further occurrences for 2 hours. This works, but how can we set the trigger to only alert if say 5 occurrences happen in 60 minutes? Then clear the alert if no further occurrences happen for 1 hour after that?