To get help to identify why this error is happening to a Zabbix trigger when we are trying to monitor eventlog using multiple eventid and condition.
Item retrieved without problem from the client server.
Error message: "Cannot evaluate expression: "Cannot evaluate function "SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1210|1309)": cannot get values from value cache."."
Item key: eventlog[Directory Service,,"Error"]
Trigger Expression:
{SERVERNAME:eventlog[Directory Service,,"Error"].logseverity()}=4 and ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("*")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1228|1229|1230|1231|1238|1262|1308|138 8|1429|1432|1450|1452)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("Active Directory")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1016|1017|1039|1043|1044|1052|1053|116 8|1170|1208|1209|1236|1315|1405|1409|1411|1469|113 5|1173|1188|1237|1381|1382|1407|1436|1448|1467|146 8|1519|1523)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("ActiveDirectory_DomainService")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1017|1052|1053|1158|1159|1160|1161|116 5|1208|1209|1236|1315|1405|1409|1411|1469|1115|111 7|1140|1141|1173|1188|1237|1381|1382|1407|1436|144 8|1467|1468|1519|1523)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS *")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1043-1044)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS Database")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1054|1520|1521)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS General")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1017|1165|1168|1169|1170|1189|1204|120 8|1209|1236|1242|1243|1244|1245|1246|1248|1249|125 0|1251|1252|1253|1254|1315|1385|1387|1405|1409|141 1|1469|1079|1135|1171|1173|1188|1198|1202|1206|123 7|1241|1255|1381|1382|1386|1407|1436|1448|1466|146 7|1468|1519|1523)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS Inter-site Messaging")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1373|1374|1375|1376|1377|1378|1380)}=1 ) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS ISAM")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(421|422|471|613|614|617|460|461|462|46 3|464|465|466|500|501|502|503|504|600|601|602|603| 604|705|711)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS KCC")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1014|1312|1063|1064|1091|1134|1256|131 1)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS LDAP")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1210|1309)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS MAPI")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1179|1234)}=1) and {SERVERNAME:eventlog[Directory Service,,"Error"].nodata(60)}=0
Item retrieved without problem from the client server.
Error message: "Cannot evaluate expression: "Cannot evaluate function "SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1210|1309)": cannot get values from value cache."."
Item key: eventlog[Directory Service,,"Error"]
Trigger Expression:
{SERVERNAME:eventlog[Directory Service,,"Error"].logseverity()}=4 and ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("*")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1228|1229|1230|1231|1238|1262|1308|138 8|1429|1432|1450|1452)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("Active Directory")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1016|1017|1039|1043|1044|1052|1053|116 8|1170|1208|1209|1236|1315|1405|1409|1411|1469|113 5|1173|1188|1237|1381|1382|1407|1436|1448|1467|146 8|1519|1523)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("ActiveDirectory_DomainService")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1017|1052|1053|1158|1159|1160|1161|116 5|1208|1209|1236|1315|1405|1409|1411|1469|1115|111 7|1140|1141|1173|1188|1237|1381|1382|1407|1436|144 8|1467|1468|1519|1523)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS *")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1043-1044)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS Database")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1054|1520|1521)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS General")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1017|1165|1168|1169|1170|1189|1204|120 8|1209|1236|1242|1243|1244|1245|1246|1248|1249|125 0|1251|1252|1253|1254|1315|1385|1387|1405|1409|141 1|1469|1079|1135|1171|1173|1188|1198|1202|1206|123 7|1241|1255|1381|1382|1386|1407|1436|1448|1466|146 7|1468|1519|1523)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS Inter-site Messaging")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1373|1374|1375|1376|1377|1378|1380)}=1 ) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS ISAM")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(421|422|471|613|614|617|460|461|462|46 3|464|465|466|500|501|502|503|504|600|601|602|603| 604|705|711)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS KCC")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1014|1312|1063|1064|1091|1134|1256|131 1)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS LDAP")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1210|1309)}=1) or ({SERVERNAME:eventlog[Directory Service,,"Error"].logsource("NTDS MAPI")}=1 and {SERVERNAME:eventlog[Directory Service,,"Error"].logeventid(1179|1234)}=1) and {SERVERNAME:eventlog[Directory Service,,"Error"].nodata(60)}=0