Ad Widget

**cyber** · 08-04-2024, 10:10

I suppose you only gather active alarms, that have some kind of severity higher than 0? That's why your expression does not ever return to normal also.. your last value has always a value <>0 (and no, if check does not return anything, then it is not 0, it is "no value", nothing is returned or saved, last() will still return value of whatever was last). And adding recovery does not change anything, it is additional expression that has to be true AFTER problem expression already turned FALSE.. So if your initial expression never becomes false, recovery will not be looked at also...

OK event generation

OK event generation options:
Expression - OK events are generated based on the same expression as problem events;
Recovery expression - OK events are generated if the problem expression evaluates to FALSE and the recovery expression evaluates to TRUE;
None - in this case the trigger will never return to an OK state on its own.

1 Configuring a trigger

https://www.zabbix.com/documentation/current/en/manual/config/triggers/trigger

**artschooldropout** · 11-04-2024, 21:01

Here's an example of what the item returns when there is an active alarm:

HTML Code:

[{"{#SNMPINDEX}":"167","{#ALRMID}":"167","{#ALRMNAM E}":"[SBC] Proxy Set Alarm Proxy Set 1 ([server name]): Server [IP] is down - one or more servers in the proxy set are offline","{#ALRMSRC}":"Board#1/ProxyConnection#1"}]

Here's what gets returned when there is no alarm:

HTML Code:

[]

So I tried changing my problem expression; I added this to the existing expression

HTML Code:

and nodata(/Basic AudioCodes - SNMP/acActiveAlarmSeverity[{#ALRMID}],120)=0

Note that the item gets polled every 60 seconds, so I set the timer for this at 120 seconds.

Basically, when there's *some data* returned by the item and there's an alarm with non-zero severity, that should trigger the problem. However, I still don't get resolved notifications. Any ideas?

**cyber** · 12-04-2024, 14:15

Its kind of fuzzy here (or maybe its just Friday evening)... you are displaying prototypes in first post.. right? Or is that {#ALARMID} accidentally looking just like LLD macro?

Code:

last(/[host FQDN]/acActiveAlarmSeverity[{#ALRMID}])<>0

Then your items return json data... do you think that acActiveAlarmSeverity[{#ALRMID} automatically refers to a specific field in returned json? Or is it still a prototype trigger we are talking about .. ?

**artschooldropout** · 12-04-2024, 17:50

That's correct, I'm editing the trigger prototype. The trigger gets populated in the host when the discovery rule finds an alarm. For instance, here's one such trigger that's been discovered:

Code:

last(/[host FQDN]/acActiveAlarmSeverity[169])<>0 and nodata(/[host FQDN]/acActiveAlarmSeverity[169],120)=0

**cyber** · 15-04-2024, 13:08

That one should return to OK if there is no data during 2m... it is pretty much the same as having just nodata() clause, because first part is most probably always true

Ad Widget

One trigger doesn't send recovery notifications

One trigger doesn't send recovery notifications

Comment

Comment

Comment

Comment

Comment