Ad Widget

**PeterZielony** · 11-07-2023, 14:36

You can use fin() function which returns true if present. Simple add "not" before function and you are sorted
not(find())

https://www.zabbix.com/documentation...s/history#find

**mdub** · 11-07-2023, 15:06

Thanks for the help !

I managed to create this trigger :

not(find(/windows_acd-groupe_active/eventlog[Microsoft-Windows-TaskScheduler/Operational,"\Sending data",,TaskScheduler,201,,skip],#1,,""with the return code 0.""))

Which seemed to work since it resolved the ongoing problem on the dashboard.

However, as soon as the value got updated, the trigger created a new problem. The strange thing is that the new value is identifcal to the last one and contains the string ""with the return code 0."

**PeterZielony** · 11-07-2023, 17:08

Originally posted by mdub

Thanks for the help !

I managed to create this trigger :

Which seemed to work since it resolved the ongoing problem on the dashboard.

However, as soon as the value got updated, the trigger created a new problem. The strange thing is that the new value is identifcal to the last one and contains the string ""with the return code 0."

you missed operator (i'd use iregexp but aswell you can use "like").

operator (must be double-quoted). Supported operators:
eq - equal (default for integer, float)
ne - not equal
gt - greater
ge - greater or equal
lt - less
le - less or equal
like (default for string, text, log) - matches if contains the string given in pattern (case-sensitive)
bitand - bitwise AND
regexp - case-sensitive match of the regular expression given in pattern
iregexp - case-insensitive match of the regular expression given in pattern
pattern - the required pattern (string arguments must be double-quoted); Perl Compatible Regular Expression (PCRE) regular expression if operator is regexp, iregexp.

Also double quoted means " not ""

try this:
not(find(eventlog[/windows_acd-groupe_active/eventlog[Microsoft-Windows-TaskScheduler/Operational,"\Sending data",,TaskScheduler,201,,skip]),#1,"iregexp","with the return code 0")

but make sure your host is also included at the beginning (or not if its via template) find(/host/key,(sec|#num)<:time shift>,<operator>,<pattern>)

**mdub** · 12-07-2023, 07:40

I get the following error when trying to update the trigger (via the template) :

Invalid parameter "/1/expression": incorrect expression starting from "find(eventlog[/windows_acd-groupe_active/eventlog[Microsoft-Windows-TaskScheduler/Operational,"\Sending data",,TaskScheduler,201,,skip]),#1,"iregexp","with the return code 0")".

**yoni_tech** · 18-01-2024, 13:50

Sorry for popping up this thread.
As the last reply suggested that the creator of this thread did not solve it - I decided to reply here and maybe it can help the creator or other users who will look for this issue.
Zabbix 6.X (and maybe older versions as well) supports the Left and Right trigger functions.
In your case, the Right function might be one of the paths to use, example for a query I would use if I were you:

Code:

not (right(last(/windows_acd-groupe_active/eventlog[Microsoft-Windows-TaskScheduler/Operational,"\Sending data",,TaskScheduler,201,,skip],#1),23)="with the return code 0.")

The above function will check if the provided last 23 characters ARE NOT identical to the provided string - if so, it will trigger an issue.
Hope I was able to assist.

**cyber** · 19-01-2024, 11:11

Originally posted by mdub

I get the following error when trying to update the trigger (via the template) :

Invalid parameter "/1/expression": incorrect expression starting from "find(eventlog[/windows_acd-groupe_active/eventlog[Microsoft-Windows-TaskScheduler/Operational,"\Sending data",,TaskScheduler,201,,skip]),#1,"iregexp","with the return code 0")".

I think the host part is in wrong place...

find (/host/key,<(sec|#num)<:time shift>>,<operator>,<pattern>)

Ad Widget

Creating a trigger if text string exists in value

Creating a trigger if text string exists in value

Comment

Comment

Comment

Comment

Comment

Comment