Linux Zabbix trigger last/logeventid/max/min usage example

I. last

Latest value (sec | # num, <time_shift>)
Value # num-number of the latest values, supported, floating, INT, STR, text, logs, and time_shift. For example, last () returns the latest value one day ago, in history, ZABBIX does not guarantee the exact order of values. If there are more than two values in the past one second
NUM works in different ways. Here there are more functions than others.
Last ()-always equal to last (#1)
Last (#3)-the latest third value (instead of the three latest values)

Example

The last sample is of great use. As follows:
{Www.111cn.net: system. cpu. load [all, avg1]. last (0)}> 5
Triggered if the latest cpu. load value is greater than 5

{Www.111cn.net: system. cpu. load [all, avg1]. last (1)}> 5
If the value of cpu. load is greater than 5 in the last 1 second

{Www.111cn.net: system. cpu. load [all, avg1]. last (0)}> 5 | {www.111cn.net: system. cpu. load [all, avg1]. min (10 m)}> 2
If the cpu. load value is greater than 5 or the minimum cpu. load value is greater than 2 in the last 10 minutes

{Bbs.111cn.net: net. tcp. [http]. last (0)} = 0 & {www.111cn.net: net. tcp. [http]. last (0)} = 0
Triggered only when the http value of both websites is equal to 0.

{Www.111cn.net: zabbix. ping. last (#5, 3 m)} = 0
If the value of 5th times in the last 3 minutes is 0, it is triggered. For the fifth time, I believe that the descriptions above the examples can be understood.

{Www.111cn.net: cpu. load [cpu. avg1]. last (#2)}> 3
Trigger when the load on cpu. load is greater than 3

{Www.111cn.net: cpu. load [cpu. avg1]. last (, 1d)}> 3
At this time, cpu. load is triggered when the load is greater than yesterday's cpu. load 3.

II. logeventid

Check. If the regular expression of the event ID of the last log entry matches, only log mode is supported. If 1 is 0, no match is performed.

Logseverity
Logseverity
Parameter: Ignore
Supported value type: log
Description: logseverity ). when the returned value is 0, it indicates the default level, and N indicates the corresponding level (integer, often used in Windowseventlogs ). zabbix log level comes from the Information column of Windowseventlog.

III. max

(Sec | # num, <time_shift>) the maximum value or maximum value of an item within the evaluation period. Time_shift is supported in zabbix1.8.2.
Second or # NUM-the unit of second during the evaluation period or the value collected as the latest (starting with a well number). float, int

IV. Example

{Www.111cn.net: net. tcp. service [nginx]. max (#5)} = 0
If the maximum value of the value obtained in the last three or five times is 0

{Www.111cn.net: system. cpu. load. max (30 m)}> 5
Trigger if the maximum cpu load is greater than 5 within 30 minutes

{Www.111cn.net: system. cpu. load. max (#5)}> 10
In the last five return values of the cup, if the maximum value is more than 10, the trigger

{Www.111cn.net: vfs. fs. size [/, free]. max (5 m)} <1G
If the remaining disk space is less than 1 GB in the last five minutes

V. min

(Sec | # num, <time_shift>) defines the maximum value of an item within the evaluation period.
Second or # NUM-the unit of second during the evaluation period or the value collected as the latest (starting with a well number). float, int

VI. Example

{Www.111cn.net. if. in [eth0, bytes]. min (5 m)}> 20 M
If the input network card of eth reaches the minimum value of 20 MB in 5 minutes

{Www.111cn.net. load [all, avg1]. last (0)}> 5 | {www.111cn.net. load [all, avg1]. min (10 m)}> 2
The latest load minimum value is triggered if it exceeds 5 or exceeds 2 in 10 minutes.

{Www.111cn.net: system. cpu. load [all, avg1]. min (5 m)}> 10 & {www.111cn.net: system. cpu. load [all, avg1]. time (0)}> 000000 & {www.111cn.net: system. cpu. load [all, avg1]. time (0) }< 060000
If the host is loaded for 5 minutes during the period from to, an alarm is triggered if the minimum value is greater than 10.

{Www.111cn.net. cpu. load. min (#30)}> 7
Triggered when the minimum value of the last 30 values of cpu load is greater than 7

VII. nodata

Check whether data is received
When the return value is 1, it indicates that no data is received at the specified interval (the interval should not be less than 30 s), and 0 indicates other conditions.

VIII. Example

{Www.111cn.net. tick. nodata (5 m)} = 1
If the value is 1 in five minutes (no data is received),

{Www.111cn.net. agent. ping. nodata (5 m)} = 1
If ping does not receive data in the last five minutes