Z6 pre-processing Win Eventlog items now missing Localtime, Source, Severity, EventID
Zabbix 6 pre-processing Windows Eventlog items now losing metadata such as Localtime, Source, Severity, EventID.
Zabbix 5 didn't lose this information. I'm wondering if there is a new setting somewhere in Z6 to keep this useful information.
In both images below, hosts are monitored by proxy.
They are from Z5 LTS and Z6 LTS and have identical item configurations.
Item
- type : Zabbix agent (Active)
- key : eventlog[Security,,,,4625,,skip]
- type of info : log
Preprocessing step :
- name : Regular expression
- pattern : Account Name:\t\t(.*)
- output : \0
Image of Zabbix 5 latest data page before and after applying pre-processing rule to keep 1st line only of event log.
Image of Zabbix 6 latest data page before and after applying pre-processing rule to keep 1st line only of event log.
Local time, Source, Severity, Event ID are now missing.
Zabbix 5 didn't lose this information. I'm wondering if there is a new setting somewhere in Z6 to keep this useful information.
In both images below, hosts are monitored by proxy.
They are from Z5 LTS and Z6 LTS and have identical item configurations.
Item
- type : Zabbix agent (Active)
- key : eventlog[Security,,,,4625,,skip]
- type of info : log
Preprocessing step :
- name : Regular expression
- pattern : Account Name:\t\t(.*)
- output : \0
Image of Zabbix 5 latest data page before and after applying pre-processing rule to keep 1st line only of event log.
Image of Zabbix 6 latest data page before and after applying pre-processing rule to keep 1st line only of event log.
Local time, Source, Severity, Event ID are now missing.