Zabbix Trigger Function Analysis

1. Trigger Configuration Properties

Name Tirgger, which can support macros: {HOST. HOST}, {host.name},

Expression: logical regular expression for calculation of trigger state

Multiple problem events Generation

Description description of the trigger

URL: General settings available macros are-{trigger.id}

Severity:not Classified unknown installation level gray

Information General Information Bright Green

Warning warning message Yellow

Average general fault Orange

High Advanced fault Red

Disaster fatal fault bright red

2, Trigger alarm dependence

Alarm dependency refers to the existence of an event that relies on another event to be established.    This situation is suitable for the complex logic of the business, for example, an IDC router failure, all the machines in the room will be due to the state is not available to generate alarms, but as a manager, and do not want to receive all the failure at the same time, only need to receive a valid alarm "XXX IDC Computer room router x failure, will affect the use of the entire computer room "

3, Trigger in the regular unit

S:seconds

M:minutes

H:hosts

D:days

W:weeks

K:kilo

M:mega

G:giga

T:tera

P:peta

E:exa

Z:zetta

Y:yotta

For example: The following statement:

{host:zabbix[proxy,zabbix_proxy,lastaccess]} > 120

{host:system.uptime[].last (0)} < 86400

{HOST:SYSTEM.CPU.LOAD.AVG} < 10

Can be written as:

{host:zabbix[proxy,zabbix_proxy,lastaccess]} > 2m

{host:system.uptime[].last (0)} < 1d

{Host:system.cpu.load.avg (10m)} < 10

A function's formal parameter refers to a function that can receive different parameters.

In formal parameters, "#" has different meanings in different functions, for example:

SUM (600) represents the sum of the values obtained in the last 600 seconds.

SUM (#5) indicates a recent fetch of 5 worthwhile and

Last (#5) returns the 5th value given, the earliest value of the time is the first one. For example: A value of 7,last (#5) for a value of 3, 7, 2, 6, 5,last (#2) is 5

Last (0), which is the final value, and 0 is the parameter.

4. Trigger function

(1) Abschange

Description: Returns the absolute value of the most recently acquired values and the previous difference. For string types, 0 means equal values and 1 means different values.

For example: {server.vfs.fs.size[/,free].abschange (10m)}<10, indicated in the server device, the key value {{Server.vfs.fs.size[/,free] The last obtained value and the difference in the first 10 minutes is 10, the result may be the most recent value is larger than before, it may be smaller than the previous value, that is, from 10 to 0, then to 10 range, can be called Jitter value or error range.

(2) Avg

Parameter: Seconds or #num

Supported value types: float and int

Description: Returns the average of the specified time interval

For example: {Server:vfs.fs.size[/,free].avg (#5, 10m)} < 50G, which means that in the server device, the key value Vfs.fs.size[/,free] in the last 10 minutes, the average value of the last 5 times is less than 50G.

(3) Change

Description: Returns the most recently obtained value compared to the previously worthwhile value, for string types, 0 for equal values and 1 for different values.

(4) Count

Parameter: Seconds or #num

Description: Returns the numeric statistics for the specified time interval. The time interval can be set by the first parameter to time or to collect a worthwhile number.

Instance:

COUNT (600): The last 10 minutes worth the count

Count (600,12): The last 10 minutes value equals the number of 12

Count (600,12, "GT"): The number of the last 10 minutes value is greater than 12

Count (#10, "GT"): The number of the most recent 10 values is greater than 12

(5) Date

Supported Value types: All (Any)

Description: Returns the current date

(6) DayOfMonth

Description: Returns the current day of the month (numeric range is 1-31)

(7) DayOfWeek

Returns the current day of the week, Monday is 1, Sunday is 7

(8) Delta

Parameter: Seconds or #num

Description: Returns the maximum and minimum values for the specified time interval. The time interval is the first parameter, which can be a second or a collection of worthwhile numbers.

For example: {Switch:net.if.in[eth0].delta (10m)} > 10M, which represents the interface of device switch eth0 in the last 10 minutes, the difference between the maximum and minimum values is greater than 10M, that is, the failure occurred.

(9) Diff

Supported value types: Float int str text and log

Description: The return value is 1, which indicates that the most recent value differs from the previous value, and 0 is a different condition.

For example: {windows:agent.version.diff (0)} > 0, indicates that the agent.version of the device Windows differs from the previous value in the last value.

(Ten) Fuzzytime

Parameter: Seconds

Supported value types: float and int

Description: Returns a value of 1, which indicates that the monitoring item is worth time-stamped than Zabbix-server for n seconds, and 0 for other cases. System.localtime is often used to check whether local time is the same as zabbix-server time.

(one) Iregexp

Arguments: The first is a string, the second is a second or a #num

Supported value types: str, log, text

Description: Similar to RegExp, the difference is case insensitive

() Last

Parameter: Seconds or #num

Supported value types: float, int, str, text, and log

Description: The most recent value, if it is seconds, is ignored, #num表示最近第N个值

Example:

Last (10) equivalent to (#1)

Last (#3) indicates that the most recently acquired monitoring item is worth a third value

For example: {mysql:mysql.ping.last (#3, 5m)} = 0, which means that the third value of the device MySQL in the last 5 minutes results in 0, that is, the failure occurred.

(Logeventid)

Parameter: string

Supported Value types: Log

Description: Checks whether the event ID of the most recent log entry matches the regular expression. Parameters are regular expressions, POSIX extended styles. When the return value is 0 o'clock, the mismatch is indicated, and 1 indicates a match.

(logseverity)

Supported Value types: Log

Description: Returns the log level of the most recent log entry. When the return value is 0 o'clock, indicates the default level

(Logsource)

Supported Value types: Log

Description: Checks whether the most recent log entry matches the log source for the parameter. When the return value is 0 o'clock, the mismatch is indicated, and 1 indicates a match. Typically used for Windows event logs monitoring, for example: logsource["VMWare Server"]

(+) Max

Parameter: Seconds or #num

Contempt: Returns the maximum value for the specified time interval. Time interval as the first parameter, you can make a second or collect a worthwhile number.

For example: {Ftpserver:net.tcp.service[ftp].max (#3)} = 0, which means that the key in device Ftpserver is net.tcp.service[ftp] and the maximum value obtained in the last 3 times is 0, it is considered a failure.

(+) min

Description: Returns the minimum value for the specified time interval.

For example: {gateway:icmppingloss.min (5m)} > 20, which indicates that the gateway device has obtained a minimum value of 20 in the last 5 minutes with icmppingloss within 5 minutes, that is, the failure occurred.

NoData (+)

Description: When the return value is 1 o'clock, represents the specified interval, no data is received, and 0 indicates other conditions.

For example: {v.itnihao.com:agent.ping.nodata (5m)} = 1, indicates that the agent.ping of the device v.itnihao.com has not received data in the last 5 minutes, that is, a failure occurred.

(+) Now

Description: Returns the number of seconds from the epoch time

(Prve)

Supported value types: Float int str text and log

Description: Returns the previous value, similar to last (#2)

(regexp)

Description: Checks whether the nearest value matches a regular expression, the regular expression for the parameter is a POSIX extended style, the second parameter is a number of seconds, or the number of phones is worth, and multiple values will be processed. This function is case-sensitive. When the return value is 1 o'clock, the expression is found, and 0 indicates another condition.

(+) str

Parameters: The first argument is a string, the second argument is a second or a #num.

Supported value types: str log text

Description: Finds the string in the nearest value. The first parameter specifies a string to find. Case sensitive. The Second optional parameter specifies the number of seconds or the number of values to collect, and it will handle more than one value. When the return value is 1 o'clock, the expression is found, and 0 is the other case.

For example: {tomcat:jmx["catalina:type=protocolhander,port=8080", Compression].str (OFF)} = 1, indicating found, 0 for other cases

(strlen)

Parameter: Seconds or #num

Supported value types: str, log, text

Description: Specifies the most recent value of the string length, the parameter value is similar to the last function, for example: strlen (0) is equivalent to strlen (#1), Stelen (#3) represents the most recent third, strlen (0,86400) represents the nearest value a day ago.

() sum

Parameter: Seconds or #num

Supported value types: float and int

Description: Returns the sum of the values collected in the specified time interval. The time interval is the first parameter that supports seconds or collects a worthwhile number.

(+) Time

Description: Returns the current time, formatted as HHMMSS, for example: 123055

This article is from the "Chuck's blog" blog, so be sure to keep this source http://chuckzeng.blog.51cto.com/10524728/1835654

Zabbix Trigger Function Analysis