Ad Widget

**kaspars.mednis** · 17-01-2018, 13:49

There is already global regular expression named Windows service names for discovery in

Administration -> General -> Regular Expressions (dropdown on top right)

You can just extend it with your uneeded services, then use it as a filter in LLD rule

Regards,
Kaspars

**Ben488** · 17-01-2018, 15:26

Thank you Kaspers.

Could you advise on how the structure of building Expressions here work and how to specify a service here?

The current expressions are

"^(MMCSS|gupdate|SysmonLog|clr_optimization_v2.0.5 0727_32|clr_optimization_v4.0.30319_32)$"

**kaspars.mednis** · 17-01-2018, 15:36

Just add another service name after the | sign inside the brackets ( )

You can also add other expressions here with the add link, and then test the result in the Test tab (combined result must be false for excluded service name)

12. Regular expressions

https://www.zabbix.com/documentation/3.4/manual/regular_expressions

Regards
Kaspars

**Ben488** · 22-01-2018, 10:50

Perfect, thank you Kaspers.

**gherbstman** · 19-06-2019, 23:56

**glardz** · 10-09-2019, 11:47

**daohai** · 04-11-2019, 09:31

it's not working . do you have another way ?

**doum** · 04-11-2019, 18:24

The problem of tihs method is that it disable service from discovery...It will be better I think to discover them, but automatically disable the trigger based on service name.

**thetinkergnome** · 04-11-2019, 20:12

For me, adding all the services I want to filter out to a single regular expression can get a little hard to manage and troubleshoot. Instead, I add a new expression to the "Windows service names for discovery" expression each time. I set the type to "Result is FALSE" and then enter in the service name I want to filter out.

It's important to note that if you already have a trigger in the Problem state, and you add an expression to ignore this service, the trigger will not go away for 30 days (I think). If you want it to go away from the Problems screen immediately, you need to go to the item and the trigger on the host and disable them.

Dave

**doum** · 05-11-2019, 14:59

Originally posted by thetinkergnome

For me, adding all the services I want to filter out to a single regular expression can get a little hard to manage and troubleshoot. Instead, I add a new expression to the "Windows service names for discovery" expression each time. I set the type to "Result is FALSE" and then enter in the service name I want to filter out.

It's important to note that if you already have a trigger in the Problem state, and you add an expression to ignore this service, the trigger will not go away for 30 days (I think). If you want it to go away from the Problems screen immediately, you need to go to the item and the trigger on the host and disable them.

Dave

can you explain more what you do with example ?

**thetinkergnome** · 05-11-2019, 23:33

By default, Zabbix has a global regular expression called "Windows service names for discovery". It contains an expression where the type is "Result is FALSE" and has an expression like this (not including the quotes) "^(sppsvc|MMCSS|gupdate|SysmonLog)$". What I do is click the "Add" link just below that in the expression editor and create a new expression. I set it to "Result is FALSE" and set the value to whatever service I do not want to create an item and trigger for. You can just put in a substring here and it will catch anything that matches.

For example, on a 2016 Remote Desktop server, for every user that logs in a dynamic service called "CDPUserSvc_xxxxxxx" is created and set to Automatic. When they log out, the service is deleted. This makes Zabbix very unhappy. So, if you add an expression to the "Windows service names for discovery" expression, set it to "Result Is False" and set its value to "CDPIserSvc" all of these services will be ignored by Zabbix.

You could just add the services you want to ignore to the existing expression that comes with Zabbix, but I have found it harder to get to work as expected. The way I outlined above works every time for me

Dave

**doum** · 05-11-2019, 23:37

oh ok it's just more readable but it's the same

personnaly I prefer if the template import all the service, but if we could have a way to easely disable trigger (based on a macro or regular expression like this)

but for the moment I do this too, for lack of anything better.

**thetinkergnome** · 06-11-2019, 00:03

So you would prefer that Zabbix imports some items/triggers as disabled? I'm curious - what is your reasoning behind that?

**doum** · 06-11-2019, 12:46

Originally posted by thetinkergnome

So you would prefer that Zabbix imports some items/triggers as disabled? I'm curious - what is your reasoning behind that?

Don't know
be able to know how many server have this service, or maybe because a service one day can be "not wanted to monitor because not always running" on 95% of server, but not on all.

currently the exclusion is global.

but it's not a massive problem. currently i have disable the import for these services.

Ad Widget

Windows Service Discovery

Windows Service Discovery

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment