Monitoring for Sustained High Network Latency instead of AVG
Hello everyone,
This is likely a Zabbix-4-dummies topic, but with a clear answer, I believe this post could be extremely helpful for other users new to Zabbix, even after reading the "5 Simple Checks."
- and I've been hunting a similar solution online/forum/YouTube for days now.
The default "High ICMP ping response time" is too sensitive in my environment and alerts too often when near the threshold. (however useful if latency remains over the threshold...)
The default trigger is built with the expression:
avg(/ICMP Ping/icmppingsec,5m)>{$ICMP_RESPONSE_TIME_WARN}
- avg = average
- ICMP Ping = template name
- icmppingsec = ping response time (in seconds)
- 5m = 5 minute interval
- > = greater-than :-)
- $ICMP_RESPONSE_TIME_WARN = Macro = 0.15s (or 150ms, as set by default)
Therefore this trigger will fire if the average response time, over a 5 minute time period, is greater than 150ms.
- and alerts repeatedly [problem/resolved/problem/resolved/etc.] when the threshold is hovering around 150ms.
QUESTION:
In our instance, it would be useful to create a trigger that fires when the [response time is greater than ###ms for a # minute time period].
In other words, alert when there is sustained high latency.
Any thoughts? Am I overthinking it?
Thanks for your time and any advice!
This is likely a Zabbix-4-dummies topic, but with a clear answer, I believe this post could be extremely helpful for other users new to Zabbix, even after reading the "5 Simple Checks."
- and I've been hunting a similar solution online/forum/YouTube for days now.
The default "High ICMP ping response time" is too sensitive in my environment and alerts too often when near the threshold. (however useful if latency remains over the threshold...)
The default trigger is built with the expression:
avg(/ICMP Ping/icmppingsec,5m)>{$ICMP_RESPONSE_TIME_WARN}
- avg = average
- ICMP Ping = template name
- icmppingsec = ping response time (in seconds)
- 5m = 5 minute interval
- > = greater-than :-)
- $ICMP_RESPONSE_TIME_WARN = Macro = 0.15s (or 150ms, as set by default)
Therefore this trigger will fire if the average response time, over a 5 minute time period, is greater than 150ms.
- and alerts repeatedly [problem/resolved/problem/resolved/etc.] when the threshold is hovering around 150ms.
QUESTION:
In our instance, it would be useful to create a trigger that fires when the [response time is greater than ###ms for a # minute time period].
In other words, alert when there is sustained high latency.
Any thoughts? Am I overthinking it?
Thanks for your time and any advice!
Comment