Trigger expression:
The expression of Zabbix trigger is highly flexible and can create very complex test conditions, with the following basic trigger expressions:
{<server>:<key>.<function> (parameter)}<operator><constant> constant constant
For example: {10.10.10.202:net.tcp.service[http,,80].last ()}=0
Server: host name;
key: The key of the corresponding monitoring item associated with the host;
function: The functions used to evaluate whether the collected data exists within a reasonable range, and the evaluation process can be based on the data collected, the current time and other factors
the functions currently supported by triggers are AVG, count, change (changing value size), date (time), DayOfWeek (Day of the week), Delta, diff (difference),Iregexp (based on regular expression matching), Last (final sample), Max, Min, NoData (no data collected), now, SUM, etc.
Patameter : function arguments; Most numeric functions can accept seconds as their arguments, and if they are prefixed with "#" before the argument is used, it is represented as the last number of values, such as SUM (300) for all values in 300 seconds, and sum (#10) Represents the sum of the last 10 values; In addition, AVG, Count, last, Min, and Max also support the use of the second parameter, which is used to complete the time limit, for example, Max (1h,7d) returns the maximum value within one hour of the week
To create a description of the properties that are available for a trigger
Name: Trigger names, you can use macros, such as $ $, $2....$9, etc.
Expression: A logical expression used to evaluate the state of a trigger
Multiple problem events Generation: Other events are generated depending on the current trigger "problem" state;
Description: Description information of the current trigger;
URL: A link to the content displayed in the "Status of Trigger" screen;
Severity: Severity level of the current trigger
Enabled: Whether to enable the current trigger
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/82/BF/wKiom1df0HXju3K7AAGxt0rh-qE261.png "title=" 5.png " alt= "Wkiom1df0hxju3k7aagxt0rh-qe261.png"/>
Trigger operator:
The following operators are supported by trigger:
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/82/BE/wKioL1df0ebwVuQ4AAHDLLPqKdE020.png "title=" 6.png " alt= "Wkiol1df0ebwvuq4aahdllpqkde020.png"/>
function expressions for triggers
The function expression is also part of the expression, but the content is more, here alone to summarize.
Abschange
Parameters: Ignore
Support Type: Float,int,str,text,log
Function: Returns the absolute value of the most recently obtained values compared to the previous obtained value, for string types: 0 for equality, and 1 for different
Avg
Parameter: Seconds or #num
Support Type: Float,int
Function: Returns the average of a period of time
Example:
AVG (5): Average of the last 5 seconds
AVG (#5): Represents the average of the last 5 times the value obtained
AVG (3600,86400): Represents the average of one hours a week ago
If there is only one parameter that represents the average of the specified time, starting from now, if there is a second parameter, the drift, the time from the second parameter,
#n表示最近n次的值
Max
Parameter: Seconds or #num
Supported Value types: Float,int
Description: Returns the maximum value for the specified time interval. The interval as the first parameter can be the number of seconds or collected values (prefixed by #). Starting with Zabbix1.8.2, the function supports the second optional parameter time_shift, which allows you to view the AVG () function to get its use.
Min
Parameter: Seconds or #num
Supported Value types: Float,int
Description: Returns the minimum value for the specified time interval. The interval as the first parameter can be the number of seconds or collected values (prefixed by #). Starting with Zabbix1.8.2, the function supports the second optional parameter time_shift, which allows you to view the AVG () function to get its use.
Sum
Parameter: Seconds or #num
Supported Value types: Float,int
Description: Returns the sum of the values collected in the specified time interval. The time interval supports the number of seconds or collection values (starting with #) as the first parameter. Starting with Zabbix1.8.2, this function supports Time_shift as the second parameter. You can view the AVG function to get its usage
Change
Parameters: Ignore
Support Type: Float,int,str,text,log
Function: Returns the difference between the nearest obtained value and the previously obtained value, for the string 0 for equality, and 1 for the different
Example:
Change (0) >n: Ignore parameter general input 0, indicating the difference between the most recently obtained value and the previous value is greater than n
Count
Parameter: Seconds or #num
Support Type: Float,int,str,text,log
Function: Returns the statistic of the value within the specified time interval,
Example:
COUNT (600) The number of values received in the last 10 minutes
Count (600,12) Gets the number of values equal to 12 in the last 10 minutes
Count (600,12, "GT") the last 10 minutes to get the number of values greater than 12
Count (#10, 10, "GT") the number of values greater than 12 for the most recent value
Count (600,12, "GT", 86400) the number of values greater than 12 in 10 minutes before 24 hours
Count (600,6/7, "band")-thenumberofvaluesforlast10minuteshaving ' (inbinary) inthe3leastsignificantbits.
Count (,,, 86400) The number of 10-minute data values before 24 hours
First parameter: Specify a time period
Second parameter: Sample data
Third parameter: Operation parameters
Fourth parameter: Drift parameter
#支持的操作类型
EQ: Equal
NE: Not Equal
GT: Greater Than
GE: greater than or equal to
LT: less than
Le: Less than or equal to
Like: Content matching
Diff
Parameters: Ignore
Supported Value types: Float,int,str,text,log
Effect: A return value of 1 indicates that the nearest value differs from the previous value, and 0 is a different condition
Last
Parameter: Seconds or #num
Supported Value types: Float,int,str,text,log
Function: The nearest value, if the second, is ignored, #num表示最近第N个值, note that the current #num and some other functions of the #num meaning are different
Example:
Last (0) equivalent to (#1)
Last (#3) indicates the most recent 3rd value (not the last three values) This function also supports the second parameter time_shift, for example last (0,86400) returns the nearest value of the day before
If multiple values exist in the same second in the history, Zabbix does not guarantee the exact order of the values
#num从Zabbix1.6.2 Start Support, timeshift from 1.8.2 its start support, you can query the AVG () function to get its use method
Logeventid
Parameter: string
Supported Value types: Log
Description: Checks whether the EventID of the most recent log entry matches the regular expression. The parameter is a regular expression, POSIX extended style. When the return value is 0, a mismatch is indicated, and 1 is a match. This function is supported from Zabbix1.8.5 onwards.
LogSeverity
Parameters: Ignore
Supported Value types: Log
Description: Returns the log level (logseverity) of the most recent log entry. When the return value is 0, the default level, n is the specific level (integer, commonly used in windowseventlogs). The Zabbix log level is derived from the information column of Windowseventlog.
Logsource
Parameter: string
Supported Value types: Log
Description: Checks whether the most recent log entry matches the log source for the parameter. When the return value is 0, the mismatch is indicated, and 1 is the match. The Pass-field is used for windowseventlogs monitoring. For example logsource["Vmwareserver"]
Prev
Parameters: Ignore
Supported Value types: Float,int,str,text,log
Description: Returns the previous value, similar to last (#2)
Regexp
Parameters: The first argument is a string, the second argument is a second or #num
Supported Value types: Str,log,text
Description: Checks whether the nearest value matches a regular expression, the regular expression for the parameter is a POSIX extended style, the second parameter is the number of seconds, or the number of collected values, and multiple values are processed. This function is case-sensitive. When a return value of 1 is found, 0 is the other.
Str
Parameters: The first argument is a string, the second argument is a second or #num
Supported Value types: Str,log,text
Description: Finds the string in the nearest value. The first parameter specifies the string to find, case sensitive. The Second optional parameter specifies the number of seconds or collection values that will be processed by multiple values. When a return value of 1 is found, 0 is the other.
Strlen
Parameter: Seconds or #num
Supported Value types: Str,log,text
Description: Specifies the string length (not bytes) of the nearest value, and the parameter value is similar to the last function. For example, strlen (0) is equivalent to strlen (#1), strlen (#3) represents the nearest third value, strlen (0,86400) Represents the most recent value of a day ago. This function starts from Zabbix1.8.4 support
Time
Parameters: Ignore
Supported value types: any
Description: Returns the current time, formatted as HHMMSS, for example 123055
Date
Parameters: Ignore
Support Type: any
Function: Returns the current time, format YYYYMMDD
DayOfMonth
Returns the day of the month that is currently
DayOfWeek
Returns the day of the week that is currently
Delta
Parameter: Seconds or #num
Support Type: Float,int
Function: Returns the difference between the maximum and minimum values within the time interval
NoData
Parameter: Seconds
Supported value types: any
Description: When a return value of 1 indicates that the specified interval (interval should not be less than 30 seconds) has not received data, 0 represents the other.
Now
Parameters: Ignore
Supported value types: any
Description: Returns the number of seconds from the epoch (January 1, 1970 00:00:00UTC) time
Fuzzytime
Parameter: Seconds
Supported Value types: Float,int
Function: A return value of 1 indicates that the time stamp of the monitoring item value is more than n seconds, and 0 is the other. Use System.localtime to check whether local time is the same as zabbixserver time.
An example of trigger expression:
{www.magedu.com:system.cpu.load[all,avg1].last (0)}>3
Indicates that the last value of the average load in the last minute of all CPUs on the host www.magedu.com is greater than 3 o'clock to trigger the state transition
For last function, last (0) is equivalent to last (#1)
{www.zabbix.com:system.cpu.load[all,avg1].last (0)}>5
#系统负载大于5就报警
{www.zabbix.com:system.cpu.load[all,avg1].last (0)}>5| {www.zabbix.com:system.cpu.load[all,avg1].min (10m)}>2
#cpu负载大于5或者最后10分钟负载大于2的时候都会报警.
{Www.zabbix.com:vfs.file.cksum[/etc/passwd].diff (0)}>0
#/etc/passwd file changes will alert
{www.zabbix.com:net.if.in[eth0,bytes].min (5m)}>100k
#在最后5分钟, network card eth0 traffic is greater than 100K alarm
{smtp1.zabbix.com:net.tcp.service[smtp].last (0)}=0&{smtp2.zabbix.com:net.tcp.service[smtp].last (0)}=0
#两个节点上的smtp服务都宕机才会报警, the expression uses two hosts
{Zabbix.zabbix.com:icmpping.count (30m,0)}>5
#在最后30分钟主机不能ping通的次数大于5就报警
This article is from the "Zengestudy" blog, make sure to keep this source http://zengestudy.blog.51cto.com/1702365/1789212
13. Trigger Expression