Ad Widget

Collapse

Trigger alert for each row in log file

Collapse
This topic has been answered.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • fabian19
    Junior Member
    • Jan 2025
    • 4
    #1

    Trigger alert for each row in log file

    Helo,

    I am new in Zabbix. And i need to configure trigger which generates alerts for each row in log file.
    I created item

    log[c:\CTM_monitoring\CTM_alert.log,Ended not OK,,,skip,,,,]

    row in log looks like below

    CRITICAL - "250102 095653 - COMMUN - JQFACT002 Ended not OK"
    CRITICAL - "250102 113650 - COMMUN - XXXXXXXXX Ended not OK"
    CRITICAL - "250102 154220 - COMMUN - XXXXXXXXX Ended not OK"
    CRITICAL - "250102 234513 - COMMUN - XXXXXXXXX Ended not OK"

    JQFACT002 - this will be sometimes different and i need this in alert name ( probably by setting variable )



    Could you please help me to create trigger ?

    Thank You
    Tags: None
    • Answer selected by fabian19 at 08-01-2025, 09:47.
      cyber
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • Dec 2006
      • 4806
      Accoring to "Trigger alert for each row in log file" ..

      Code:
      bytelength(last(hostname/log[c:\CTM_monitoring\CTM_alert.log,Ended not OK,,,skip,,,,]))>0
      Set "PROBLEM event generation mode" to multiple.
      Set "event name" to something like "{ITEM.VALUE} found in logfile" (or "{{ITEM.VALUE}.regsub("CRITICAL - "(.*) - COMMUN - (.*) Ended not OK"","\2 not OK at \1")}" - this should set event name to something like "JQFACT002 not OK at 250102 095653")
      it will generate new alert for each found line, none of those will be closed automatically, so you need to close them manually. Automatic closure is always a bit tricky with logfile based things..

        • Selected Answer

        Comment

        • mrnobody
          Member
          • Oct 2024
          • 61
          #2
          Hiho, the way i already tested (not easy, without agent, but, works )

          To concatenate part of log: Pre processing + REGEX + JS (with split function to create an array) to grep that part of each line, export to an variable.
          To generate an trigger: can use change function, or last to compare system variable (probably {ITEM.LASTVALUE?}) with string you need. Also can re-use this same system var for Alert Name.

            Comment

            • cyber
              Senior Member
              Zabbix Certified SpecialistZabbix Certified Professional
              • Dec 2006
              • 4806
              #3
              Accoring to "Trigger alert for each row in log file" ..

              Code:
              bytelength(last(hostname/log[c:\CTM_monitoring\CTM_alert.log,Ended not OK,,,skip,,,,]))>0
              Set "PROBLEM event generation mode" to multiple.
              Set "event name" to something like "{ITEM.VALUE} found in logfile" (or "{{ITEM.VALUE}.regsub("CRITICAL - "(.*) - COMMUN - (.*) Ended not OK"","\2 not OK at \1")}" - this should set event name to something like "JQFACT002 not OK at 250102 095653")
              it will generate new alert for each found line, none of those will be closed automatically, so you need to close them manually. Automatic closure is always a bit tricky with logfile based things..

                • Selected Answer

                Comment

                • fabian19
                  Junior Member
                  • Jan 2025
                  • 4
                  #4
                  Originally posted by cyber
                  Accoring to "Trigger alert for each row in log file" ..

                  Code:
                  bytelength(last(hostname/log[c:\CTM_monitoring\CTM_alert.log,Ended not OK,,,skip,,,,]))>0
                  Set "PROBLEM event generation mode" to multiple.
                  Set "event name" to something like "{ITEM.VALUE} found in logfile" (or "{{ITEM.VALUE}.regsub("CRITICAL - "(.*) - COMMUN - (.*) Ended not OK"","\2 not OK at \1")}" - this should set event name to something like "JQFACT002 not OK at 250102 095653")
                  it will generate new alert for each found line, none of those will be closed automatically, so you need to close them manually. Automatic closure is always a bit tricky with logfile based things..
                  Thank You. It is working.

                    Comment

                    Previous template Next
                    Working...