Removing unwanted windows service status from the Active Agent template

  • Arctica
    Junior Member
    • Apr 2023
    • 18

    #1

    Removing unwanted windows service status from the Active Agent template

    As a total beginner of Zabbix I apologize if my search skills have failed me, but I would appreciate some guidance with this.

    I have some 50 Windows servers where I have installed the Active Agent.
    There are a couple of services monitored that keep coming back as "problems" every day, even if I go into "update" and choose "suppress indefinitely" and "acknowledge".
    So I searched in the forum and I think that the solution should be to go to "Data Collections -> Templates -> Windows by Zabbix agent active -> Macros" I then go to the "{$SERVICE.NAME.NOT_MATCHES}" field and add the service I am not interested in. Correct?
    As an example I get this problem occurring over and over:

    [Image: problem1.jpg]

    So I add it to the macro-field, like this:

    [Image: problem2.jpg]

    I am using the latest current version of Zabbix, 6.4.2.
    But still it keeps occurring. So I am of course missing something obvious, please advise me or point me to the docs where the solution is described, thanks for helping a beginner with poor forum search-skills :-)
    Let me also add that I have followed the instructions in this video: Zabbix Handy Tips: Pause unwanted alarms by suppressing your problems - YouTube - but the alarms keep coming back even if I suppress indefinitely as suggested.
    Last edited by Arctica; 27-05-2023, 09:48.
  • tim.mooney
    Senior Member
    • Dec 2012
    • 1427

    #2
    You're missing that the regular expression is anchored on both ends (the ^ at the beginning and the $ at the end).

    If you ignore the other OR'ed regular expressions within the parens, your regular expression basically is this:

    Code:
    ^edgeupdate$
    which means there can't be anything else in the service name or the match will fail. As your Problem shows, the full service name contains other text, so the regular expression is not matching what you want it to match.

    If you only want to match this service, and not the other manual service that's named almost the same, you could try using something like:

    Code:
    Microsoft.+\(edgeupdate\)
    as your regex (be sure you escape the literal parens with a \ , as is done elsewhere in the regex, like for "Intel (R)").

    That regular expression could be shortened further, but for your sake you probably want to stick with something simple and obvious.

    Comment

    • Arctica
      Junior Member
      • Apr 2023
      • 18

      #3
      Thanks a lot tim.mooney

      I must admit that I know very little on regular expression syntax, will for sure read up on that. Does this look more correct?

      [Image: Template1.jpg]
      I will see tomorrow if they stop recurring.
      By the way, what could be the reason that they keep occurring even if I follow the instructions in the YouTube video mentioned above where I choose "Mass Update" and then "Suppress indefinitely"?

      Comment

      • tim.mooney
        Senior Member
        • Dec 2012
        • 1427

        #4
        Originally posted by Arctica
        Does this look more correct?

        [Image: Template1.jpg]
        I believe it should match just the service you want, yes. As written:

        Code:
        ^Microsoft.+\(edgeupdate\)$
        That regex says:

        1. must begin with the exact text: Microsoft
        2. followed by one or more of (nearly) any character ( the .+ )
        3. ending with the exact text: (edgeupdate)

        Regarding your question about the YouTube video: sorry, but I'm not going to wade through a youtube video just to see how it relates to your question. Maybe someone else with more time will take a look and offer you a suggestion.

        Comment
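
The anchoring behaviour described in posts #2 and #4, as an added example that is not part of the original posts: it tests both alternatives from the thread against a short service name and display-style names, because the outcome depends on which value the discovery filter actually compares. The base macro value and the candidate names are constructed for illustration, and Python's `re` is assumed to behave like Zabbix's regex engine for these simple patterns.

```python
import re

# Constructed, shortened stand-in for the template's {$SERVICE.NAME.NOT_MATCHES}
# value; the real macro holds a longer alternation in the same ^(?:...)$ wrapper.
BASE = r"RemoteRegistry|Intel\(R\) Example Service"


def not_matches_macro(extra):
    """Return the macro value with one more alternative added inside the anchors."""
    return rf"^(?:{BASE}|{extra})$"


def is_excluded(macro_value, candidate):
    """Discovery skips a service when the filtered value matches the macro."""
    return re.search(macro_value, candidate) is not None


# Constructed candidate values: a short service name and display-style names.
CANDIDATES = [
    "edgeupdate",
    "Microsoft Edge Update Service (edgeupdate)",
    "Microsoft Edge Update Service (edgeupdatem)",
    "RemoteRegistry",
]

# The two alternatives discussed in the thread.
ATTEMPTS = {
    "bare": "edgeupdate",
    "display": r"Microsoft.+\(edgeupdate\)",
}


def exclusion_table():
    """Map attempt label -> candidates that the resulting macro would exclude."""
    return {
        label: [c for c in CANDIDATES if is_excluded(not_matches_macro(extra), c)]
        for label, extra in ATTEMPTS.items()
    }


if __name__ == "__main__":
    for label, hits in exclusion_table().items():
        print(f"{label:8} excludes: {hits}")
```

Neither alternative matches both the short name and the display-style name, so check which LLD macro the discovery rule's filter uses before editing the value.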

        • Arctica
          Junior Member
          • Apr 2023
          • 18

          #5
          Originally posted by tim.mooney

          I believe it should match just the service you want, yes. As written:

          Regarding your question about the YouTube video: sorry, but I'm not going to wade through a youtube video just to see how it relates to your question. Maybe someone else with more time will take a look and offer you a suggestion.
          Thank you so much Tim!
          I checked this morning, but the alerts keep coming in as usual:



          Do I perhaps need to restart anything on the Zabbix server side? Or do I need to restart the Active Agent client services? Or do I need to unlink and then link again the hosts?
          Sorry for being unclear about the YT video from Zabbix official, I didn't mean for you specifically to comment, just if someone could explain what I am missing there, since the official video says "simply suppress indefinitely and the alert will not show again", but still it does for me.
          Really appreciate your help, thanks for being so educational about the regex syntax!

          Comment

          • Arctica
            Junior Member
            • Apr 2023
            • 18

            #6
            Just want to ping my question once again:
            How could I prevent some Windows services monitored by Zabbix Active Agent 2 to be shown in the "problems" window?
            I have tried:
            • Marking the service with "suppress indefinitely"
            • Marking the service with "suppress indefinitely" and also "Acknowledge"
            • Changing the setting "Data Collections -> Templates -> Windows by Zabbix agent active -> Macros" in the field {$SERVICE.NAME.NOT_MATCHES} to include the expression as tim.mooney kindly helped me with: ^Microsoft.+\(edgeupdate\)$
            But the alerts keep coming every day. Is it necessary to unlink the servers I monitor and add them again after such a change? What could I have missed?
            I would be very grateful for some advice. I have held off showing Zabbix to my IT colleagues until I have managed to understand this, I know they will otherwise say that it is too cluttered with unwanted alerts.

            Comment

            • tim.mooney
              Senior Member
              • Dec 2012
              • 1427

              #7
              Originally posted by Arctica
              Do I perhaps need to restart anything on the Zabbix server side? Or do I need to restart the Active Agent client services? Or do I need to unlink and then link again the hosts?
              You don't need to restart anything, but this is something that you need to understand about the low-level discovery (LLD) process.

              The macro you've been adjusting is one of many macros used by that template, but it is one way to control what services get skipped/ignored on initial discovery.

              The problem that I think you're experiencing is that even though you now (probably) have the macro set up so that an initial discovery would ignore that service, it's "too late". Zabbix already found that service and defined the item and trigger related to it.

              If you check the documentation for LLD, https://www.zabbix.com/documentation...evel_discovery , you will see there is a setting in the "Discovery rule" called "Keep lost resources period", that tells Zabbix how long to wait before it purges items/triggers/history that are no longer present. If you set this (temporarily) to something smaller than 30 days (like maybe 1h) and then wait that period, the stuff you no longer want should go away (I think).

              The pre-defined templates are great (and getting better), but they are also fairly complicated. I don't recommend you deploy anything without understanding what it's doing and how it works. This is a situation where spending time planning and understanding, rather than jumping right to "implementation", may save you a lot of headaches down the road.

              Comment

              • Arctica
                Junior Member
                • Apr 2023
                • 18

                #8
                Originally posted by tim.mooney

                The pre-defined templates are great (and getting better), but they are also fairly complicated. I don't recommend you deploy anything without understanding what it's doing and how it works. This is a situation where spending time planning and understanding, rather than jumping right to "implementation", may save you a lot of headaches down the road.
                I agree. Thanks for your answer. I have no intention of deploying Zabbix as a live solution for my IT department until I have learned sufficiently. I think this forum is a great way of learning for a total beginner like me.

                In regards to what you suggest, I guess this would be correct, right?

                [Image: rules.jpg]

                I will wait a while and see if it helps me with my problem. Thanks again for your valuable insight!

                Comment

                • Arctica
                  Junior Member
                  • Apr 2023
                  • 18

                  #9
                  Well, I can see that it is still coming in:

                  [Image: edge1.jpg]

                  Could I have missed something obvious here? But I do wonder that. I have made a Zabbix installation at home with my small lab AD group of servers, and I have exactly the same issue there.
                  Also, I can't wrap my head around one thing: As tim.mooney says, once a Zabbix Active agent has been installed it might be too late to make exceptions for which services it should include or exclude. I can buy that and that it is important to make those rule-exceptions before deploying the agent. But what then if there in the future are more unnecessary windows services one would want to exclude?

                  Comment

                  • cyber
                    Senior Member
                    Zabbix Certified Specialist, Zabbix Certified Professional
                    • Dec 2006
                    • 4806

                    #10
                    Originally posted by tim.mooney
                    If you check the documentation for LLD, https://www.zabbix.com/documentation...evel_discovery , you will see there is a setting in the "Discovery rule" called "Keep lost resources period", that tells Zabbix how long to wait before it purges items/triggers/history that are no longer present. If you set this (temporarily) to something smaller than 30 days (like maybe 1h) and then wait that period, the stuff you no longer want should go away (I think).
                    It keeps lost resources for that amount of time AFTER it has done a discovery and not found it any more. So even if you shorten that "Keep lost resources" period, you also need to wait until the next discovery. I really do not know how long a period is set in the default templates. If it is once a day, then you may need to wait until the next day, when it performs a new discovery, does not "find" that service any more, marks it as "not discovered any more" (there should be a yellow marker in the items config with a note saying when this item will be removed), and then it waits until "keep lost resources" expires and removes the item...

                    If using passive items (also for disco), you can just go and press the "execute now" button and you don't need to wait. With active items you probably need to shorten the discovery interval also (later set it back to "normal"). Active items cannot be "executed now"....

                    Comment


                    • tim.mooney
                      tim.mooney commented
                      Thanks for that correction cyber!
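
The timing sequence from post #10, as an added example that is not part of the original thread: it computes the earliest moment a filtered-out item can be marked lost and then removed, given the discovery interval and the "Keep lost resources period". The timestamps and interval values are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Zabbix time suffixes: seconds, minutes, hours, days, weeks.
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_period(text):
    """Convert a Zabbix-style period such as '1h' or '30d' to a timedelta."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", text.strip())
    if not m:
        raise ValueError(f"not a time period: {text!r}")
    return timedelta(seconds=int(m.group(1)) * _UNITS[m.group(2) or "s"])


def removal_timeline(last_discovery, filter_changed, interval, keep_lost):
    """Earliest times at which a now-filtered item is marked lost and removed.

    Follows the sequence in post #10: the item is only marked "not discovered
    any more" by the first discovery run after the filter change, and the
    "Keep lost resources period" starts counting from that run.
    """
    step = parse_period(interval)
    if step <= timedelta(0):
        raise ValueError("discovery interval must be positive")
    next_run = last_discovery
    while next_run <= filter_changed:  # skip runs that still used the old filter
        next_run += step
    return {
        "marked_lost": next_run,
        "earliest_removal": next_run + parse_period(keep_lost),
    }


if __name__ == "__main__":
    # Constructed timestamps; the intervals are assumptions, not template values.
    last = datetime(2023, 6, 1, 3, 0)
    changed = datetime(2023, 6, 1, 9, 30)
    for interval, keep in [("1d", "30d"), ("1d", "1h"), ("10m", "1h")]:
        t = removal_timeline(last, changed, interval, keep)
        print(f"interval={interval:3} keep={keep:3} -> {t}")
```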