I had such a plan to parse the apache log, collect the statuses and then on the collected set of Triggers, e.g. in a minute, which would raise the problem if the statuses different from 200 were more than, for example, 5x during the last minute.
Example:
I know that you can use for this purpose the function log[path_to_file,200] (or in the form of REGEX) to extract a specific value - but the examination of each status individually requires each time from the side of the system to verify this log that is, it loads the system. I wanted to do it a little differently - first collect the data and then aggregate it on the zabbix server side.
I created item:
It processes the this log:
As you can see, the logs are collected correctly (statuses). It's look same for collected type of Text and Log.
However, how to set the "Type of information"? As Text, Unsigned, Log? I would also like to collect statuses as Graph - stacked.
When I use Unsigned, they are collected as a value - that is, the Graph exists, but it is skewed - the value is collected, not the occurrences (I would like to create my Graph by accumulating occurrences on a given time interval, e.g. 1 minute - but I can't add a data source because it is not among the elements to choose from)
- in the case of using Text, Graph does not exist
- in case of using Log, Graph is empty (no data)
Graph of Unsigned:
Graph of Log:
I tried with something like this:
I've tried with =0 or =3 too - but this seems to catch only 3 occurrences following one another. At 200-500-200-500-200-500 it won't work, it only works at 200-500-500-500-200.
It's possible to process collected data and:
- create graph to show all statused /per minute? Like in last 60 seconds I've got 30x 200, 2x 502m, 3x500. And I want to present them like picture of stacked graph I've put in start of this thread.
- set aside a quantitative graph for each type of occurrence (without defining separately for each possible code (i.e. 200,500,502, etc.))
- create different triggers to react when in last minute I got 5 different statuses other than 200? (I know that I can detect when I get 30 times specified, declared status
Example:
I know that you can use for this purpose the function log[path_to_file,200] (or in the form of REGEX) to extract a specific value - but the examination of each status individually requires each time from the side of the system to verify this log that is, it loads the system. I wanted to do it a little differently - first collect the data and then aggregate it on the zabbix server side.
I created item:
log[/var/log/httpd/srp-access_log,".*HTTP\/1.1".(\d{3})",,,skip,\1,,,]
It processes the this log:
10.0.1.1 - - [25/May/2023:10:14:53 +0200] "POST /soap/p1/wys HTTP/1.1" 200 827
10.0.1.2 - - [25/May/2023:10:14:53 +0200] "POST /soap/p2/udo HTTP/1.1" 500 10339
10.0.1.2 - - [25/May/2023:10:14:53 +0200] "POST /soap/p2/udo HTTP/1.1" 500 10339
As you can see, the logs are collected correctly (statuses). It's look same for collected type of Text and Log.
However, how to set the "Type of information"? As Text, Unsigned, Log? I would also like to collect statuses as Graph - stacked.
When I use Unsigned, they are collected as a value - that is, the Graph exists, but it is skewed - the value is collected, not the occurrences (I would like to create my Graph by accumulating occurrences on a given time interval, e.g. 1 minute - but I can't add a data source because it is not among the elements to choose from)
- in the case of using Text, Graph does not exist
- in case of using Log, Graph is empty (no data)
Graph of Unsigned:
Graph of Log:
I tried with something like this:
in(last(/proxy1b.abc.lan/log[/var/log/httpd/srp_access_log,""*HTTP/1.1.(\n{3}))",,,skip,\n{3},,,],#3:now-60s),200)=0
It's possible to process collected data and:
- create graph to show all statused /per minute? Like in last 60 seconds I've got 30x 200, 2x 502m, 3x500. And I want to present them like picture of stacked graph I've put in start of this thread.
- set aside a quantitative graph for each type of occurrence (without defining separately for each possible code (i.e. 200,500,502, etc.))
- create different triggers to react when in last minute I got 5 different statuses other than 200? (I know that I can detect when I get 30 times specified, declared status
Comment