Where exactly did you put that regular expression? - On the discovery rule there is a tab "Filters" - you should put your expression there (assuming it is correct - did only a fast check for obvious errors).

I put it within th administrative section in zabbix like it's described in the documentation:

Did you try your regex with a few of your service names on https://regex101.com/ for example?
And I would give it a try using that expression in the filters.

Why should I use a filter in the template? What if there are changes on the template and the filter isn't available anymore or the entries are gone?
Why is there a central option when it's not working? Maybe I'm using it wrong?!

Best regards, Michael

Do we have any solution? I find so many threads about regular expressions and that they don't work.

In general, regular expressions are not the easiest thing. Milking a cow is far easier, even for an IT tech. ;-) - Apart from that I think, that you have to consider, that it also depends on the underlying data where the regular expression is applied to. In Zabbix you cannot debug this very well (or I just didn't discover yet how to do it).

Regarding the filter: You use the filter, if you have a discovery rule that finds more stuff that you actually want to monitor. Of course you could also change your discovery rule script to not report stuff you don't want. The filter is an option to exclude reported stuff, you don't want to monitor. The discovery report part could also be a binary which you cannot change, so this option makes sense. Of course it is more efficient, if you can omit reporting stuff you don't need in the first place.

So I always have to edit the template because I am using 5.2 (fresh installation)? Are there any limitations? For example the length of the entry in the macro of the template?

If you use a fresh installation but using an existing database or importing templates or other configuration data, yes, you need to edit and adopt, if the database or data have been used with a different version before.

And BTW: I noticed, that with your expression you want to handle exceptions - so I assume you are also missing the "!" in your expression to tell it, reported entities should NOT match any of the given service names.

As I wrotebefore, it's a completely fresh installation. No existing database or anything else. Do I also have to make the exclusions in the template?

I can't follow you in this case? Where am I missing the "!"?
I'm really confused now... Can we make a short break and you tell me what I have to do?

1) Fresh installation
2) Edit global exclusions? yes/no
3) Edit Template? yes/now
4) Which regex do I have to use?

I'm not an expert in regex. I'm only trying to figure out how it works when I compare different solutions I find on the internet. :-(

In general your global expressions are used by the templates - or even not. I have in my (also pretty recent fresh installation) 2 different Windows templates that are service related. I don't use them as I don't have any single Windows Server in my environment, but I took a look at them: And I don't find a reference to the global expressions there. They only refer to template or host macros (macros from templates are inherited to hosts but can be overwritten there). I am not sure because also pretty new to zabbix, but maybe these (default) expressions are there only for backward compatibility. But in your case might be different or you might have changed your configuration or imported some external template. From your last comment, I assume, you are using everything in default and added one of the two "Windows Services ..." templates to your host(s). And in that case I think, those expressions are not used anyway.

Sorry for that - I did not see, you changed the "Result" to false for that expression. - The "!" is a NOT in regular expression writing - see https://stackoverflow.com/questions/...ch-with-regexp

After looking at the default windows related templates, I think, those global expressions are not used in the current templates. In general: You can define global expressions and macros (maybe misleading name - macros are basically variables). So not only expressions can be defined globally - also Macros:


Macros can be defined also on template and host level and are inherited from template to hosts (and can be overwritten there - as mentioned above).

BUT: All those are irrelevant if not used!

In my 5.2.4 version I can see the following filters in the discovery rules for windows services:


Those refer to MACROS! - You can see this by the "{}" enclosed expressions and the # or $ sign (built-in vs user defined macros). So you need to look at the template level macros or host macros:


If you want to refer to your global expressions you would have to use @ - like this:


So to sum up: From current knowledge, I think you can put your favorite quote there into the global expression and it would not make any difference because not referenced by the actual templates.
I am sorry for creating confusion. I did not look at the actual templates and assumed, that those expressions are used in the templates / in your configuration.

I am pretty sure, that there are not soo many real experts in regular expressions out there. I do not consider myself as one of them either. :-(

Thank you very much. Now I'm on the right way :-)

OK, thank you. Now I understand it better. Do yout have any links for reasearch how to use json preprocessing?

If you use templates from 5.2 also, then those have "local" filter in template, as mentioned above. Those global regexes do not apply there. They are there only for backward compatibility (if you upgrade from earlier versions, your templates are not replaced and have to keep working).