I am fairly new to zabbix. I need to alert of we get more than 3 messages in the last minute in a log, which is fine I can do that, e.g. {test count:log[{$LINUX_LOG}].count(60,ALANV)}>3, but our developers the want the actual count displayed in the alert, e.g. 'We have had 5 occurrences of ALANV in the last minute'. I've searched for quite a while and cannot see how I do that. Any help is most welcome.
-
-
Thanks splitek.
I had looked at calculated values previously but could not get any sensible data so assumed I was barking up the wrong tree. So I re-visited my calculation and am getting data now. The number is double what I expect but that should be something I can work on.
FYI for anyone interested, I am monitoring Linux /var/log/messages looking for an error msg, in this case just a test for string ALANV and at the moment is just a rough and ready experiment:
Added to a new Template :
Item:
Name: ALANV_COUNT
Type: Calculated
Key: ALANV_COUNT
Formula: count(log[{$LINUX_LOG}],60,ALANV)
Trigger:
Name: ALANV_COUNT_TRIG -> {ITEM.VALUE}
Sev: 2
Expression: {test count:ALANV_COUNT.last()}>1 and
{test count:ALANV_COUNT.nodata(120)}=0
Alert displays "ALANV_COUNT_TRIG -> 2" for example
-
Ignore this below. But if you are interested, I got duplicate log entries because I had 2 entries in the ServerActive= field of the agent on the zabbix server itself, which I was using as a test:
I just revisited this and using the above I get a number twice what I expected. In my case something is causing the log in zabbix to duplicate the log entry, e.g here I get 8 not 4 as the count:
/var/log/messages:
Jan 14 17:55:39 gtc1zabv01 local1.err: ./syslog_err.pl:test from ALANV
Jan 14 17:55:40 gtc1zabv01 local1.err: ./syslog_err.pl:test from ALANV
Jan 14 17:55:43 gtc1zabv01 local1.err: ./syslog_err.pl:test from ALANV
Jan 14 17:55:44 gtc1zabv01 local1.err: ./syslog_err.pl:test from ALANV
But latest data in zabbix:
2020-01-14 17:56:11 Jan 14 17:55:44 gtc1zabv01 local1.err: ./syslog_err.pl:test from ALANV
2020-01-14 17:56:11 Jan 14 17:55:43 gtc1zabv01 local1.err: ./syslog_err.pl:test from ALANV
2020-01-14 17:55:48 Jan 14 17:55:44 gtc1zabv01 local1.err: ./syslog_err.pl:test from ALANV
2020-01-14 17:55:48 Jan 14 17:55:43 gtc1zabv01 local1.err: ./syslog_err.pl:test from ALANV
2020-01-14 17:55:48 Jan 14 17:55:40 gtc1zabv01 local1.err: ./syslog_err.pl:test from ALANV
2020-01-14 17:55:48 Jan 14 17:55:39 gtc1zabv01 local1.err: ./syslog_err.pl:test from ALANV
2020-01-14 17:55:41 Jan 14 17:55:40 gtc1zabv01 local1.err: ./syslog_err.pl:test from ALANV
2020-01-14 17:55:41 Jan 14 17:55:39 gtc1zabv01 local1.err: ./syslog_err.pl:test from ALANVLast edited by vancea; 15-01-2020, 18:04.
-
Comment