maybe
nodata(/host/key,70m)

nodata(/host/key,1h) and count(/host/key,#1)

Thanks for the suggestions. One more question, based on the history screenshot above, is it possible to use the event id, severity, localtime and value from the eventlog items for use in triggers or dependent items. What I mean is if I were to make the eventlog item more generic like:

Can I then create dependent items and/or triggers from it targeting events with "chef-client" in the log text and a eventid 202, for example?

Yes, but that depends what you expecting to be end goal. Your screenshot doesn't have eventID but you could add it using preprocessing, then have a triggers for depending item.

But not sure what would you do with it.

The screenshot I posted does have the event id, it's right next to the severity column.

But not sure if you can pass eventid to dependent item - never had to do it.


Im taking events using zabbix sender - this way i have more control what im sending to zbx

Gotcha. That's what I'm trying to figure out. I know zabbix sender is an option, but that's a little more involved to deploy hence the question.

​Ok, I have the eventlog configured as:

This captures the chef client schedule task action event IDs. I also setup a preprocessing rule setup to capture the return code or error value that's in the event id 201|202 events for the Chef Client scheduled task. When the task completes successfully it returns 0, when it doesn't it returns a non-zero value.

I have initially setup the trigger to alert if the value <> 0 and deployed the item/trigger to a couple of hosts to test. The trigger works as expected. What I would like to do now is to only trigger if the last 8 values are all non-zero. Meaning that based on the history below:

​

I wouldn't want the trigger to fire for the lone failure shown here, I only want it to fire if all 8 values are non-zero. Would count() be the correct function to use here?

I'm on Zabbix 5.0​​