Having some issues with getting a trigger to work as I would like for a Windows Eventlog check.
Every day a script is run that will put 'x' number of entries into a Windows eventlog, and I need to create a problem for each one of these entries and then automatically resolve these after 1 hour (could be any value really, as long as it is less than 24 hours).
I've created a test scenario the same as the one that does not work as I want, and this is below:
Item = logeventid(/999 - Windows Eventlog Testing/eventlog[Application,,Information,ZabbixTest,^(987)$,,skip])=1
Currently set to Update Interval as 10 minutes.
By using 'eventcreate' I can simulate what is being created and test the trigger.
Trigger = logeventid(/999 - Windows Eventlog Testing/eventlog[Application,,Information,ZabbixTest,^(987)$,,skip])=1 and nodata(/999 - Windows Eventlog Testing/eventlog[Application,,Information,ZabbixTest,^(987)$,,skip],10m)=0
What happens is, even though the latest data shows only (e.g.) 10 entries created in the eventlog, problems are repeatedly created (the same 10 over) until the 10m in the nodata part expires. If this was, say, 20m, then it would keep happening for 20 minutes, and so on.
The problems do not resolve after this time either.
Tried all sorts of permutations and looked at the different examples, and nothing seems to want to give me what I am looking for.
Any suggestions and assistance greatly appreciated.