Query About Trigger Based On Strings
Hi Everyone,
I have created a template to monitor silverpeak device and the MIB provided by them gives only the alarm notifications (this means that the oids can be alarm description, alarm name, alarm source & so on and they have SNMP INDEXES in them - which is how I generate an alert if an IPSEC tunnel is down by matching values of each items). However, this is dynamic - when a new alert is generated on the device, there seems to be some change on the SNMP INDEXES which later causes zabbix to think the existing issue (which zabbix shows already is a problem and mail was sent) is a new alert and generates a new alert & closes the existing active alert.
This is creating noise and not good for a production environment.
The trigger rules I have created are based on string which the item (LLD) discovers via the alarm notification mib provided by silverpeak.
Sample trigger rule which I use;
((count(/SVPK/alarm.source[{#SNMPINDEX}],1h,"like","TO US")>=4 and count(/SVPK/alarm.name[{#SNMPINDEX}],1h,"like","tunnel_down")>=4)
Is there any workaround we can implement in the trigger rule or zabbix that will enable us to overcome the effect of dynamic SNMP INDEXES? I have tried multiple trigger rule config by monitoring for few hours and let alert being generated only if it persists during the entire time but it's no help as the base SNMPINDEX changes and zabbix thinks its a new alert as a whole.
I have created a template to monitor silverpeak device and the MIB provided by them gives only the alarm notifications (this means that the oids can be alarm description, alarm name, alarm source & so on and they have SNMP INDEXES in them - which is how I generate an alert if an IPSEC tunnel is down by matching values of each items). However, this is dynamic - when a new alert is generated on the device, there seems to be some change on the SNMP INDEXES which later causes zabbix to think the existing issue (which zabbix shows already is a problem and mail was sent) is a new alert and generates a new alert & closes the existing active alert.
This is creating noise and not good for a production environment.
The trigger rules I have created are based on string which the item (LLD) discovers via the alarm notification mib provided by silverpeak.
Sample trigger rule which I use;
((count(/SVPK/alarm.source[{#SNMPINDEX}],1h,"like","TO US")>=4 and count(/SVPK/alarm.name[{#SNMPINDEX}],1h,"like","tunnel_down")>=4)
Is there any workaround we can implement in the trigger rule or zabbix that will enable us to overcome the effect of dynamic SNMP INDEXES? I have tried multiple trigger rule config by monitoring for few hours and let alert being generated only if it persists during the entire time but it's no help as the base SNMPINDEX changes and zabbix thinks its a new alert as a whole.