Hello and welcome to Zabbix forums!

I suppose you are already familiar with log items as such. In any case here is a link to Zabbix documentation. https://www.zabbix.com/documentation...ypes/log_items

To accomplish your task you have to create two items where each of them monitors only those file size numbers.
To do that you have to use regular expression and define capturing groups.
Here are the item keys for both of those items:
I did make the regular expression even more complicated than you need but here is how that works. You have four capturing groups in brackets.
(.{19}) - date
(LOGSIZ) - LOGSIZ
.*.LOG - not a capturing group but matches the path (could make it as a rexex as well but did not try)
([0-9]+) - two identical capturing groups for file sizes

Now see in the item keys you have now the capturing groups \3 and \4 - the numbers you are looking for.

Check Latest data if the values for both of those items are coming in as expected.

And then you can create a trigger which can look something like this:

Hope this helps!

Best Regards,
Ingus

Hi, Ingus!

Your collaboration was very appreciated!

After your reply I read the docs you pointed and realized that Zabbix in my server is v2.0. That's why I didn't notice how to return a value from a RE in the output parameter. Right now I'm upgrading to v2.4. and Ubuntu 14.04. Very soon I'll be capable to test your code.

BTW, I'm not a big RE writer and didn't understand how to apply a RE in log[] function that I already have used in another items.

If you don't mind, can you explain to me how Zabbix understand that subgroups (as in the docs) are separated by a semicolon in the code you wrote? What changes should be applied to your code if the delimiter wasn't a semicolon, let's say it is a pipe "|"?

Thank you very much!

Hi,

Yes, that last output parameter was introduced in 2.2.0 and you did not have it. BTW it is very useful to mention the exact version of Zabbix in your posts here, because that can make big difference.

I am not a big RE writer myself but here is a nice online tool I am using to test things - regex101.com

Sure I will try to explain what happens in the regexp.
Semicolon is not a delimiter in this case. It is just a symbol and in your RE just is used to match semicolon as per your example. If you would have pipe in your log line then just use it.

However groups in regexps are divided with brackets ().
Let me explain your regexp part by part.
^ start of new line
(.{19}) first group in brackets. Accepts any symbol because of dot "." exactly 19 times {19}. I was too lazy to regexp all that timestamp.
; just a semicolon
(LOGSIZ) second group matching exactly characters LOGSIZ
; just a semicolon again.
.*.LOG first dot matches any character ( . dot) multiple times ( * star), second dot matches exactly dot or any character (can be removed here actually) and LOG matches capital letters LOG exactly.
; just a semicolon again.
([0-9]+) means that it is a group, accepts all numbers 0-9 multiple unlimited times because of + plus sign.
; just a semicolon again.
([0-9]+) another group of numbers, in your case fourth in a row.
; just a semicolon again.
$ end of a line.

Something like that.
If you have special chars in your regexp (like backslash \ or square brackets [] then make sure you add another backslash before them. Try that RE web tool, you'll understand quickly.

So good luck upgrading and monitoring logs!

Ah, almost forgot. Check this section in Zabbix! https://www.zabbix.com/documentation...ar_expressions
Your regexps can be stored centrally and then just referenced in log items.

Best Regards,
Ingus

Same Problem

Hello everyone!

This post is just what i was looking for.I'm also new with Zabbix.
Thanks to adamitj to your post and ingus.vilnis for your answers.

I have a problem like yours with regular expressions on Zabbix.

I have Zabbix 2.0.4 (and can't update it until summer)

My log is as following:

NOW:2016/02/23 08:42:01;FROM:2016/22 08:00;TO:2016/02/23 08:00;OK:1823;TOT:3576;PER:50.97

I need to create and item to capture the PER value (50.97) in this case.

I try a lot of regular expresions LIKE:

log['FILE.log',".*.PER: ([0-9]+)$",,,,]
log['FILE.log',"PER: ([0-9]{2}.[0-9]{2})"
log['FILE.log',"PER: ([0-9]{2}\.[0-9]{2})"
log['FILE.log',"PER: ([0-9]*\.?[0-9]*)"
log['FILE.log',"PER: ([0-9]{2}.*.)"
log['FILE.log',"PER: ([0-9]{2})"
log['FILE.log',"PER: (.*)"

try also expressions like:
log['FILE.log',";([0-9]+)",,,,\1]

All of them go ok on the web tester, but zabbix always change it to "not supported" and the info is like ZBX_NOTSUPPORTED.

Can anyone help me, or at least, point me to some docs that helps me? i googled for 2 days and didn't find solutions

Thanks a lot for your time.

Zabbix 2.0.4 cannot use output parameter at log[].
output parameters are available from Zabbix 2.2.

Be utilized in Zabbix 2.2 output parameter, its value can not be saved only as a log.

By using Zabbix 3.0, cut out the numeric string from the log using the output parameters, we will handle it as a numerical value.

Manual of Zabbix 2.2 : 5.17 Ability to extract matching part of a regular expression

Manual of Zabbix 3.0 : 5.12.2 Graphing log items

Thanks

Hello;

Thanks a lot for your answer

... then It is as i thought...i have to wait until summer to be able to make the upgrade and improvements on the system, specially Zabbix to version 2.4 or 3.0.

Thanks again for your help.