Hello,
Trying to create own: item and trigger. While item seems to work fine - fetches data from log file accorgin to rule: "log[/var/log/zabbix/events_zabbix.log,custom_alert]", and creates reasonable entries visible in history:
Trigger does not work as expected; construction of expression is: find(/usosweb-serwan/log[/var/log/zabbix/events_zabbix.log,custom_alert],10m,"like","error")=1 , and my expectations were:
- in case when there is 'error' string in logged line, alert is being raised (that part works perfectly), but
- in case when there is no 'error' string in logged lines for longer than 10 minutes, I've expected alert will be set to 'resolved' - but it is not
- to have alert set to 'resolved' I have to pass to log file additional line which does not contain 'error' string (that is why there are two lines with 'eror', not 'error' above).
Could anyone advice where is mistake I've made? How to evaluate / ask zabbix to properly evaluate timing? For me seems that trigger is evaluating last line, regardless of time if was logged..
Thank you in advance & regards
Tomasz
Trying to create own: item and trigger. While item seems to work fine - fetches data from log file accorgin to rule: "log[/var/log/zabbix/events_zabbix.log,custom_alert]", and creates reasonable entries visible in history:
Trigger does not work as expected; construction of expression is: find(/usosweb-serwan/log[/var/log/zabbix/events_zabbix.log,custom_alert],10m,"like","error")=1 , and my expectations were:
- in case when there is 'error' string in logged line, alert is being raised (that part works perfectly), but
- in case when there is no 'error' string in logged lines for longer than 10 minutes, I've expected alert will be set to 'resolved' - but it is not
- to have alert set to 'resolved' I have to pass to log file additional line which does not contain 'error' string (that is why there are two lines with 'eror', not 'error' above).
Could anyone advice where is mistake I've made? How to evaluate / ask zabbix to properly evaluate timing? For me seems that trigger is evaluating last line, regardless of time if was logged..
Thank you in advance & regards
Tomasz
just in case someone else would have similar issue - I've rewritted both: item and trigger, and now it works as expected. I decided to use 'logrt' instead of 'log', as AI adviced (not sure if correctly) that 'log' looks for last line only, while 'logrt' is ablve to check earlir entries as well. Anyway - rewritten: item and trigger work.
Comment