Zabbix Flip-flop expression

The expression in the trigger is flexible, and we can create a complex logic test monitor with the following form of the trigger expression:

{<server>:<key>.<function> (<parameter>)}<operator><constant>

{host: Key. Functions (parameters)}< Expressions > constants, concrete examples, please go down, it's simple.

Functions function

The trigger functions can reference the retrieved value, the current time, or other element. For a complete list of function support for trigger expressions, please click on the website address supported functions

function parameters

Most numeric functions can use seconds as arguments. You can use the prefix "#" to indicate that it has a different meaning

FUNCTION Call Description

SUM (600) total in 600 seconds

SUM (#5) and of the latest 5 values

The last function uses different parameters to get different values, #2表示倒数第二新的数据. An example of a value of 1,2,3,4,5,6,7,8,9,10,last (#2) from an old and new value is a value of 9,last (#9) that results in 2. The last function must contain parameters.

The Avg,count,last,min and Max functions also support additional parameters, in seconds, for parameter time_shift (time offset). For example AVG (1H,1D), you will get the average data for the last 1 hours.

[WARNING] Note: The trigger expression needs to be calculated using history historical data, and if it is not available (the Time_shift time offset parameter cannot be used), the history record must be preserved for a long period, at least to keep the records needed. [/warning]

Trigger expressions can use unit symbols instead of large numbers, such as 5m instead of 300, or 1d instead of 86400,1k instead of 1024 bytes, and so on.

Operator

Priority Action Definition

1/except

2 * Multiply

3-Minus

4 + Plus

5 < less. Use the following:

A<b⇔ (a<=b-0.000001)

6 > Greater than. Use the following:

A>b⇔ (a>=b+0.000001)

7 # Not equal to. Use the following:

A#b⇔ (a<=b-0.000001) | (a>=b+0.000001)

8 = equals. T usage is as follows:

A=b⇔ (a>b-0.000001) & (a<b+0.000001)

9 & Logic and

10 | Logical OR

Trigger Example

Example One

Trigger Name: Processor load is too high on www.zabbix.com

{www.zabbix.com:system.cpu.load[all,avg1].last (0)}>5

Description of the trigger:

Www.zabbix.com:host Name

System.cpu.load[all,avg1]:item value, one minute CPU average load value

Last (0): Latest value

>5: Latest value greater than 5

As shown above, www.zabbix.com this host's monitoring items, the latest CPU load value if greater than 5, then the expression will return true, so that the trigger state is changed to "problem".

Example Two

Trigger Name: Www.zabbix.com is overloaded

{www.zabbix.com:system.cpu.load[all,avg1].last (0)}>5| {www.zabbix.com:system.cpu.load[all,avg1].min (10m)}>2

The expression will return true if the current CPU load is greater than 5 or the CPU load in the last 10 is greater than 2.

Example Three

Trigger Name:/ETC/PASSWD has been changed

Use function diff ():

{Www.zabbix.com:vfs.file.cksum[/etc/passwd].diff (0)}>0

/ETC/PASSWD the latest checksum is different from the last checksum obtained, the expression returns TRUE. We can use the same method to monitor the system's important configuration files, such as/etc/passwd,/etc/inetd.conf and so on. These Zabbix usually bring their own, not with you add it yourself.

Example Four

Trigger Name: Someone is downloading a large file from the Internet

Use the function min:

{www.zabbix.com:net.if.in[eth0,bytes].min (5m)}>100k

Current host Nic Eth0 received over 100KB in the last 5 minutes then the trigger expression will return true

Example Five

Trigger Name: Both nodes of clustered SMTP server is down

{smtp1.zabbix.com:net.tcp.service[smtp].last (0)}=0&{smtp2.zabbix.com:net.tcp.service[smtp].last (0)}=0

When the SMTP server on both Smtp1.zabbix.com and smtp2.zabbix.com two hosts is offline, the expression returns TRUE.

Example Six

Trigger Name: Zabbix Agent needs to be upgraded

Use the function str ():

{zabbix.zabbix.com:agent.version.str ("beta8")}=1

This expression returns true if the current Zabbix agent version contains BETA8 (assuming the current version is 1.0beta8).

Example Seven

Trigger Name: Server is unreachable

{Zabbix.zabbix.com:icmpping.count (30m,0)}>5

The above expression indicates that the last 30 minutes zabbix.zabbix.com this host more than 5 times unreachable.

Example Eight

Trigger Name: No heartbeats within last 3 minutes

Use the function NoData ():

{Zabbix.zabbix.com:tick.nodata (3m)}=1

Tick is Zabbix trapper type, first we want to define an item with a type of Zabbix trapper,key as tick. We use Zabbix_sender to send data periodically to tick, and if the data sent by Zabbix_sender has not been received within 3 minutes, the expression returns a true while the value of the trigger changes to "problem".

Example Nine

Trigger Name: CPU activity at night time

Use function time ():

{zabbix:system.cpu.load[all,avg1].min (5m)}>2&{zabbix:system.cpu.load[all,avg1].time (0)}>000000&{ Zabbix:system.cpu.load[all,avg1].time (0)}<060000

Only from 0 o'clock in the morning to 6 o'clock, the CPU load is greater than 2 in the last 5 minutes, the expression returns True, the state of the trigger is changed to "problem"

Example Ten

Trigger Name: Check If client local time is in sync with Zabbix server time

Use function Fuzzytime ():

{MySQL_DB:system.localtime.fuzzytime (10)}=0

Host mysql_db Current server time if the time difference from Zabbix server is 10 seconds or more, the expression returns True, and the trigger state changes to "problem"

Example Xi.

Trigger name: Comparing average load today with average load of the same time yesterday (using the Time_shift Temporal offset parameter).

{server:system.cpu.load.avg (1h)}/{server:system.cpu.load.avg (1h,1d)}>2

This expression would fire if the average load of the last hour tops the average load of the same hour yesterday more than The Times.

Hysteresis (hysteresis, hysteresis)

In a nutshell, it takes a condition to change the trigger state to problem, and it takes a condition to get back from problem. A generic trigger can be resumed only if the trigger is not satisfied with the problem condition. You got it. If you don't understand, look at the examples.

Sometimes triggers need to use different conditions to represent different States, for example, a very interesting website: room temperature normal stability for 15-20°, when the temperature exceeds 20 °, the trigger value is problem, when the problem to 15° and 20°, the anomaly will be lifted. Don't do this, we'll see the example.

To achieve this effect, we need to use the following trigger expression:

Example 1

Trigger Name: temperature in Server too

({TRIGGER. Value}=0&{server:temp.last (0)}>20) |

({TRIGGER. Value}=1&{server:temp.last (0)}>15)

As there are two parentheses, the previous one represents the condition that triggered the exception, and the following expression represents the condition for lifting the exception.

Note: Macro variable {TRIGGER. Value} will return the values of the current trigger

Example 2

Trigger Name: Free disk space was too low

Problem: The remaining disk space is less than 10GB in the last 5 minutes. exception

Recovery: The last 10 minutes of disk space is greater than 40GB. Recovery

Simply put, once the remaining space is less than 10G to trigger the exception, and then the remaining space must be greater than 40G to remove the exception, even if you have the remaining space to reach 39G (not in the alarm condition) that is useless, interesting.

({TRIGGER. Value}=0&{server:vfs.fs.size[/,free].max (5m)}<10g) |

({TRIGGER. Value}=1&{server:vfs.fs.size[/,free].min (10m)}<40g)

QQ: Exchange Group: 9888359

Original address: http://www.ttlsa.com/zabbix/zabbix-trigger-expression/