Ad Widget

**cyber** · 30-06-2022, 09:26

theres key "log.count" which returns count of occurrencies instead of lines... you can use sum function to count them during 5m... Instead of nodata() you probably need a recovery expression there, like sum(30m) =0 or something. Otherwise it closes earlier, when trigger expression does not match any more...

**pmurtey** · 30-06-2022, 17:17

Hi Cyber, We have googled for some examples of how sum can be used in the context of log monitoring, and we have not been able to find any examples. Could you please expound a little further to show how the sum expression would fit into the log trigger expression we have shown above.?

**cyber** · 01-07-2022, 09:15

Umm... as I said.. log.count returns numbers, so its just a matter of using sum function with them... Based on example (expression syntax), you seem to have some older version of Zabbix.
your item would be "log.count[/server1log01/logs/server1-cs-3.19.18/server1-cs.1b/server1.cs.main.cdc.log.0,"Runner has stopped",,,skip]" item type numeric(unsigned).
your trigger expression would be "{server1:log.count[/server1log01/logs/server1-cs-3.19.18/server1-cs.1b/server1.cs.main.cdc.log.0,"Runner has stopped",,,skip].sum(60)}>=5"
your recovery expression would be "{server1:log.count[/server1log01/logs/server1-cs-3.19.18/server1-cs.1b/server1.cs.main.cdc.log.0,"Runner has stopped",,,skip].sum(30m)}=0"

**pmurtey** · 01-07-2022, 16:45

Awesome Sir, your the best.

Ad Widget

Linux log monitor by occurrences

Linux log monitor by occurrences

Comment

Comment

Comment

Comment