Welcome Zabbix users
I'm starting my adventure with Zabbix, which is why I'm looking for advice.
I have the following scenario:
One application's log (app1.log) which contains messages like:
Error:timestamp:some text:some text1: correlation_id: message
The log is monitored by one log file item1 (looking for lines which start with "Error") every 5 minutes
The second application's log (app2.log) which contains messages like:
Error:timestamp+1secs:some text2:some text3: correlation_id: message1
This log is also monitored by one log file item2 (looking for lines which start with "Error") every 5 minutes
The third application's log (app3.log) which contains messages like:
Error:timestamp+2secs:some text4:some text5: correlation_id: message2
This log is also monitored by one log file item3 (looking for lines which start with "Error") every 5 minutes
In the above case I would like to have one problem created (containing the same correlation id), regardless of how many items detect an error.
Even if item3 detects an error, for example, 4 minutes after the error is detected by item1, only one error should be created.
Is it possible to implement the above scenario in Zabbix?
I thought about using correlation items, but as I understand it, they are useful for automatically closing problems (e.g. when restarting services or servers).
Thank you in advance for any help.
Best Regards
Darek