How to create dependent item from Windows eventlog filtered by eventid

This topic has been answered.
  • Daugava
    Junior Member
    • Jan 2023
    • 4

    #1

    Hello.

    I'm collecting information from the Application EventLog using
    Code:
    eventlog[Application,,"Warning|Error",,,,skip]
    and want to store it for future use.
    I've triggers with a specific EventID=1000 based on this information.

    However, I need to do additional log processing to get the information about which application actually caused this event. In my opinion, it is reasonable to first create a Dependent Item that would filter the information by EventID=1000, but the functions for this are only available at the trigger level. I do not want to create a separate Item
    Code:
    eventlog[Application,,"Warning|Error",,,1000,skip]
    because it will actually double the load on the Zabbix Agents. Is it possible?
  • Answer selected by Daugava at 03-08-2023, 10:55.
    cyber
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Dec 2006
    • 4807

    ah yeah.. sry.. reading a bit in "diagonal". There is no option to do preprocessing based on EventID.. You can set regex only on that message text..
    By creating a separate item, you will definitely not double the agent load.. but as you already have a very general catch there, you will pick up some stuff twice... So some should be excluded from "catch all".


    • cyber
      Senior Member
      Zabbix Certified Specialist, Zabbix Certified Professional
      • Dec 2006
      • 4807

      #2
      Dependent items are dealt with on server side... Agent just collects initial data, forwards to server and then server splits it up to dependent items...


      • Daugava
        Junior Member
        • Jan 2023
        • 4

        #3

        Thank you. That was actually the question, how to create a Dependent Item from the existing Log Item using an EventID filter, rather than collecting it again through the Agent.


          • Daugava
            Junior Member
            • Jan 2023
            • 4

            #5
            Thank you.
            I will create new Items for the required eventids, and in the old one I will add the eventid to the exceptions using regex
            Code:
            eventlog[Application,,"Warning|Error",,,"^(?!(1000)$).*$",skip]

            Comment
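Added example, not part of the thread: a Python check of whether the catch-all filter from post #5 and a dedicated EventID item ever collect the same event, or miss one. It assumes the agent applies the eventid parameter as an unanchored regular-expression search; under that assumption the bare `1000` from post #1 also matches IDs such as 10000, so the anchored `^1000$` variant and the multi-ID filter builder shown here go beyond what the thread states. Function names and the sample IDs are constructed for illustration.

```python
import re

# Assumption: the eventid parameter is applied as an unanchored regex search
# (PCRE on the agent); Python's re treats this lookahead the same way.
CATCH_ALL = r"^(?!(1000)$).*$"  # eventid filter from post #5


def items_matching(event_id, dedicated):
    """Return the names of the items whose eventid filter accepts event_id."""
    filters = {"catch_all": CATCH_ALL, "dedicated": dedicated}
    return [name for name, rx in filters.items() if re.search(rx, str(event_id))]


def audit(event_ids, dedicated):
    """Split event IDs into collected-twice and never-collected lists."""
    twice, missed = [], []
    for eid in event_ids:
        hits = items_matching(eid, dedicated)
        if len(hits) > 1:
            twice.append(eid)
        elif not hits:
            missed.append(eid)
    return twice, missed


def exclusion_filter(event_ids):
    """Build a catch-all filter that excludes several exact event IDs."""
    alternatives = "|".join(str(int(e)) for e in event_ids)
    return rf"^(?!({alternatives})$).*$"


# Constructed sample of Application-log event IDs.
SAMPLE_IDS = [100, 1000, 1001, 1026, 10000, 11000]

if __name__ == "__main__":
    for dedicated in ("1000", "^1000$"):
        twice, missed = audit(SAMPLE_IDS, dedicated)
        print(f"dedicated={dedicated!r}: twice={twice} missed={missed}")
    print(exclusion_filter([1000, 1026]))
```

With the bare `1000`, events 10000 and 11000 are stored by both items; with `^1000$` every sample ID lands in exactly one item.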
