I'm not sure what Zabbix version you're using, but in Zabbix 3.2 you can define (one or more) item(s) to check for hosts and then you can select a single item to uniquely identify that host in the "Device uniqueness criteria".

"system.uname" is pretty terrible one to use, since it includes like the kernel version, so the moment you upgrade the host it would add a new host.
You can still use that item as on of the "Checks", but rather use something like "IP address" or 'Zabbix agent "agent.hostname"' to uniquely identify your host.

I don't have much experience with discovery, so this is about as much as I can tell.

I am using IP Address as the unique identifier in all cases. For some reason, it still adds the hosts.

I'm thinking this isn't a discovery issue, because it is not really re-discovering them. It's the action that I set up.

Right now I'm using:

A Discovery rule = MyDiscoveryRule
B Discovery status = Up
C Service type = ICMP ping

Maybe instead of discovery status = up I should change it to "discovered"?

EDIT: or add "Uptime <=x " ?

Are you perhaps adding DNS entries for those IP addresses after you've moved the host out of the Discovered Hosts group?

So how does the discovered host's details look when compared to the one that you moved? Like did the "Host name" field just get a "_2" appended to it, but the IP, DNS & port fields for the Agent/SNMP/JMX/IPMI interfaces are the same?

I'm not adding DNS. The host details are the same.

I think it's important to note it's not actually ADDING the hosts again. They're already discovered, but it just adds them to a GROUP.

I am having this very same issue in 5.0.17.

Discovery Rule:
HTTP
HTTPS
LDAP
NNTP
SNMPv1 agent ".1.3.6.1.2.1.1.1.0"
SNMPv2 agent ".1.3.6.1.2.1.1.1.0"
SNMPv2 agent ".1.3.6.1.2.1.1.5.0"
SNMPv2 agent "1.3.6.1.4.1.232.11.2.14.1.1.4.0"
SSH
TCP (3389)
TCP (9100)
Telnet


Discovery Action:
Discovery Action Conditions:
Type of Calculation: A and B
A Discovery rule equals <My discovery rule form above>
B Discovery status equals Discovered
Device uniqueness criteria: IP


Discovery Action Operations:
Add to host groups: <My Site Level Discovered Host Group>
Remove from host groups: Discovered hosts
Enable host


I have over 60 sites and each has 4 host groups:
Discovered Hosts
Helpdesk Hosts
Systems Hosts
Network & Security Hosts

The above discovery rule and action correctly populate the respect site Discovered Hosts group. The next step in the desired workflow is to move the hosts form the site Discovered Hosts to the proper site level host group such has Helpdesk, Systems and Network & Security. After this is done, the site level Discovered Hosts group is empty but the next time the discovery runs, most of the discovered hosts are added to the site level Discovered Hosts group.

Any help would be greatly appreciated.

I am posting a reply to this because I have seen many post with people trying to do the same thing that I am by searching the forums and none have replies, i.e. use Zabbix to discover newly added hosts to my networks but there is something missing from the documentation. The problem happens with hosts that fall into a deep sleep or are taken offline for a day or so either due to a failure or maintenance.

The possible options for Discovery Status are Discovered, Lost, Up, Down. The explanation in the documentation is weak with what some of these mean. From a Zabbix book, I finally found some more details:

Discovered: This device or service is being seen for the first time or after it was detected to be down.
Lost: This device or service has been seen before but it just disappeared.
Up: This device or service has been discovered, no matter how many times it might have happened already.
Down: This device or service has been discovered at some point, but right now, it is not reachable, no matter how many times that has happened before.

In my opinion, since you describe device uniqueness criteria in the Discovery Rule, a device can only be "Discovered" once if it is already known to Zabbix. The difference between Up and Discovered is just how long a device has been down before being considered Lost. There should be a 5th Status to distinguish between Discovered and "hey it's up but it's been down for a while"

Knowing what I know now, I see no way to implement the following:

• Create 4 host groups for each of my sites: Local IT Hosts, Network & Security Hosts, Systems Hosts and Unknown Discovered Hosts
• Create a discovery rule for Zabbix to scan the site networks for any interesting hosts, i.e. SSH, Telnet, 3389, SNMP, HTTP, HTTPS are open
• If someone puts a device on the network with any of above ports open or protocols active, Zabbix will find it and add it to the "Unknown Discovered Hosts" host group and send an email alert.
• Because of how the "Discovered" status is implemented, hosts that fall into a deep sleep (MFPs) or are taken offline for a day or so either due to a failure or maintenance, will repeatedly trigger a "Discovered" status even though Zabbix is already aware of them.

Hope this helps others trying to implement anything similar.