I want to pull values from Suricata stats into Zabbix. An example of what these look like is below.
I'm trying to understand the value/benefit of the item's actual name. For example, one naming convention could be
suricata.stats.STAT.NAME
specifically
suricata.stats.capture.kernel_drops
Another strategy could be
suricata.stats[STAT.NAME]
or
suricata.stats[capture.kernel_drops]
Is there a reason why I might choose one form vs. the other? Is there another form to consider?
Does one of these strategies have an impact on storage? Retrieval? Expiration? Graphing?
capture.kernel_packets | Total | 3391904
capture.kernel_drops | Total | 486
capture.kernel_ifdrops | Total | 0
decoder.pkts | Total | 3391418
decoder.bytes | Total | 2414269170
decoder.invalid | Total | 1
decoder.ipv4 | Total | 3379115
decoder.ipv6 | Total | 2636
decoder.ethernet | Total | 3391418
decoder.arp | Total | 9398
decoder.unknown_ethertype | Total | 269
decoder.chdlc | Total | 0
decoder.raw | Total | 0
decoder.null | Total | 0
decoder.sll | Total | 0
decoder.tcp | Total | 1400986
tcp.syn | Total | 31126
tcp.synack | Total | 28924
tcp.rst | Total | 3037
decoder.udp | Total | 1978834
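A small parser for the stats dump pasted above, written as an added example (not part of the original post or of Suricata/Zabbix). It reads the `name | Total | value` lines, emits both key conventions from the question side by side, and formats the result as `<host> <key> <value>` lines for `zabbix_sender -i`. The host name `ids01` and the shortened stats sample are constructed; the second convention uses Zabbix's bracketed key-parameter syntax, which is what lets the same item definition be driven by a parameter. It also derives `capture.kernel_drops / capture.kernel_packets`, since dropped packets are traffic the IDS never inspected and that ratio is the number worth alerting on.

```python
"""Parse a Suricata stats dump and emit Zabbix item keys / zabbix_sender input.

Added example, not from the original post. The `name | Total | value` line
format comes from the post; host name and sample subset are constructed.
"""
import re
from typing import Callable, Dict, List

# Constructed sample: a subset of the counters pasted in the question.
SAMPLE_STATS = """\
capture.kernel_packets | Total | 3391904
capture.kernel_drops | Total | 486
capture.kernel_ifdrops | Total | 0
decoder.pkts | Total | 3391418
decoder.invalid | Total | 1
tcp.rst | Total | 3037
"""

# counter name | thread column ("Total") | integer value
_LINE = re.compile(
    r"^\s*(?P<name>[\w.]+)\s*\|\s*(?P<thread>[^|]+?)\s*\|\s*(?P<value>\d+)\s*$"
)


def parse_stats(text: str) -> Dict[str, int]:
    """Return {counter_name: value} for every well-formed line; skip the rest."""
    out: Dict[str, int] = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # blank lines, headers, anything malformed
        out[m.group("name")] = int(m.group("value"))
    return out


def dotted_key(name: str) -> str:
    """Convention 1 from the question: counter name appended to a dotted prefix."""
    return f"suricata.stats.{name}"


def param_key(name: str) -> str:
    """Convention 2 from the question: counter name as a Zabbix key parameter."""
    return f"suricata.stats[{name}]"


def sender_lines(host: str, stats: Dict[str, int],
                 keyfn: Callable[[str], str] = param_key) -> List[str]:
    """Format `<host> <key> <value>` lines as read by `zabbix_sender -i <file>`."""
    return [f"{host} {keyfn(name)} {value}" for name, value in sorted(stats.items())]


def drop_ratio(stats: Dict[str, int]) -> float:
    """kernel_drops / kernel_packets: share of traffic the sensor never inspected."""
    packets = stats.get("capture.kernel_packets", 0)
    if packets == 0:
        return 0.0  # no packets counted yet; avoid a division by zero
    return stats.get("capture.kernel_drops", 0) / packets


if __name__ == "__main__":
    parsed = parse_stats(SAMPLE_STATS)
    for out_line in sender_lines("ids01", parsed):            # bracketed keys
        print(out_line)
    for out_line in sender_lines("ids01", parsed, dotted_key):  # dotted keys
        print(out_line)
    print(f"drop ratio: {drop_ratio(parsed):.6f}")
```

Either key function produces a valid key; the choice only changes how the key string looks to Zabbix and in legends, which is what the reply below gets at.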
Name should be more human-readable than key. For example... a (dependent) item key like "suricata.stats.capture.kernel_drops" looks just fine, but Name... maybe a simple "Kernel drops" is more readable... Name also appears in graph legends, so it may be easier to read graphs later. So yeah.. for graphing it may have influence... for storage or retrieval or expiration... no.