Zabbixカスタムトリガー構文

Zabbix Custom Trigger Syntax

Zabbixトリガーの構文は次のとおりです。

{:.()}

テンプレートアプリZabbixエージェントテンプレートでホストpingモニタリングのトリガーを使用して、次のことを説明します。

{TemplateAppZabbixAgent:agent..nodata(5m)}=agent.5m and the parameters used by the method

Zabbixでサポートされている機能については、公式Webサイトを参照してください。 https://www.zabbix.com/documentation/2.2/manual/appendix/triggers/functions

1.abschange Parameter: Ignore Support type: float, int, str, text, log Function: Returns the absolute value of the difference between the most recently obtained value and the previously obtained value. For the string type: 0 means equal, 1 means different

2.avg Parameters: seconds or #num Support type: float, int role: return the average value over time Examples: avg(5): the average of the last 5 seconds avg(#5): represents the average value of the last 5 times avg(3600,86400): represents the average value of one hour before one day If there is only one parameter, it means the average value of the specified time, from now on, if there is a second parameter, it means drift, and the time is calculated from before the second parameter, #n indicates the value of the last n times

3.change Parameter: Ignore Support type: float, int, str, text, log Role: Returns the difference between the most recently obtained value and the previously obtained value, for the string 0 means equal, 1 means different Examples: change(0)>n: Ignore the parameter and generally enter 0, indicating that the difference between the last value and the previous value is greater than n

4.count Parameters: seconds or #num Support type: float, int, str, text, log Function: return the statistics of the value in the specified time interval, Examples: count(600) The number of values ​​obtained in the last 10 minutes count(600,12) The number of values ​​obtained in the last 10 minutes is equal to 12 count(600,12,'gt') The number of values ​​obtained in the last 10 minutes is greater than 12 count(#10,12,'gt') of the last 10 values, the number of values ​​greater than 12 count(600,12,'gt',86400) The number of values ​​greater than 12 in 10 minutes before 24 hours count(600,6/7,'band')-thenumberofvaluesforlast10minuteshaving'110'(inbinary)inthe3leastsignificantbits. count(600,,,86400) The number of data values ​​in 10 minutes before 24 hours The first parameter: specify the time period The second parameter: sample data The third parameter: operating parameters The fourth parameter: drift parameter #Supported operation types eq: equal ne: not equal gt: greater than ge: greater than or equal to lt: less than le: less than or equal to like: content matching

5.date parameter: ignored Support type: any Function: return the current time, format YYYYMMDD

6.dayofmonth Returns the current day of the month

7.dayofweek Returns the current day of the week

8.delta Parameters: seconds or #num Support type: float, int Function: return the difference between the maximum value and the minimum value in the time interval

9.diff parameter: ignored Supported value types: float, int, str, text, log Effect: The return value is 1 indicating that the most recent value is different from the previous value, and 0 is otherwise

10.fuzzytime Parameters: seconds Supported value types: float, int Function: The return value of 1 means that the timestamp of the monitored item value is more than N seconds of ZabbixServer time, and 0 is other. Often use system.localtime to check whether the local time is the same as Zabbixserver time.

11.last parameter: seconds or #num Supported value types: float, int, str, text, log Effect: The most recent value, if it is seconds, it is ignored, #num indicates the most recent Nth value, please note that the current #num and other functions #num mean that different last(0) is equivalent to last(# 1) last(#3) means the most recent third value (not the last three values) This function also supports the second parameter **time_shift**, for example, last(0,86400) returns the most recent value one day ago If multiple values ​​exist in the same second in history, Zabbix does not guarantee the exact order of the values #num is supported since Zabbix 1.6.2, timeshift is supported since 1.8.2, you can query the avg() function to get its usage

12.logeventid Parameter: stringSupported value type: log Description: Check whether the EventID of the most recent log entry matches a regular expression. The parameter is a regular expression, POSIX extended style. When the return value is 0, it means no match, and 1 means a match. This function has been supported since Zabbix 1.8.5.

13.logseverity Parameter: Ignore Supported value type: log Description: Returns the log level of recent log entries (logseverity). When the return value is 0, it indicates the default level, and N is the specific corresponding level (integer, commonly used in Windowseventlogs). The Zabbix log level is derived from the Information column of Windowseventlog.

14.logsource Parameter: stringSupported value type: log Description: Check whether the most recent log entry matches the log source of the parameter. When the return value is 0, it indicates a mismatch, and 1 indicates a match. The field is used for monitoring Windowseventlogs. For example, logsource['VMWareServer']

14.max Parameters: seconds or #num Supported value types: float, int Description: Returns the maximum value of the specified time interval. The time interval as the first parameter can be seconds or the number of collected values ​​(prefix is ​​#). Starting from Zabbix1.8.2, the function supports the second Select the parameter time_shift, you can view the avg() function to get its usage.

15.min Parameters: seconds or #num Supported value types: float, int Description: Returns the minimum value of the specified time interval. The time interval as the first parameter can be seconds or the number of collected values ​​(prefix is ​​#). Starting from Zabbix1.8.2, the function supports the second Select the parameter time_shift, you can view the avg() function to get its usage.

16.nodata Parameters: seconds Support value type: any Description: When the return value is 1, it means that the specified interval (the interval should not be less than 30 seconds) does not receive data, and 0 means other.

17.now Parameter: Ignore Support value type: any Description: Returns the number of seconds from Epoch (00:00:00 UTC on January 1, 1970)

18.prev Parameter: Ignore Supported value types: float, int, str, text, log Description: Returns the previous value, similar to last(#2)

19.regexp Parameters: The first parameter is string, the second parameter is seconds or #num Supported value types: str, log, text Description: Check whether the most recent value matches the regular expression. The regular expression of the parameter is the POSIX extended style. The second parameter is the number of seconds or the number of collected values. Multiple values ​​will be processed. This function is case sensitive. When the return value is 1, it means found, 0 is other

20.str Parameters: The first parameter is string, the second parameter is seconds or #num Supported value types: str, log, text Description: Find the string in the most recent value. The first parameter specifies the search string, which is case sensitive. The second optional parameter specifies the number of seconds or the number of collected values, and multiple values ​​will be processed. When the return value is 1, it means found, 0 is other

21.strlen Parameters: seconds or #num Supported value types: str, log, text Description: Specify the string length (not bytes) of the most recent value, the parameter value is similar to the last function. For example, strlen(0) is equivalent to strlen(#1), strlen(#3) means the most recent third value, strlen (0,86400) indicates the most recent value one day ago. This function has been supported since Zabbix 1.8.4

22.sum parameter: seconds or #num Supported value types: float, int Description: Returns the sum of the values ​​collected in the specified time interval. The time interval as the first parameter supports seconds or the number of collected values ​​(starting with #). Starting from Zabbix1.8.2, this function supports time_shift as the second parameter. You can view the avg function to get its usage

23.time parameter: ignored Support value type: any Description: Returns the current time, the format is HHMMSS, such as 123055

パラメータについては、公式ウェブサイトを参照してください。 https://www.zabbix.com/documentation/2.2/manual/config/triggers/suffixes

一般的に使用される時間パラメータは次のとおりです。

s - seconds (when used, works the same as the raw value) m - minutes h - hours d - daysw - weeks

容量パラメータの使用もサポートします。

K - kilo M - mega G - giga T - tera

たとえば、パラメータの同等の変換であるパラメータ1のパラメータは、パラメータ2のパラメータに同等に置き換えることができます。

Parameter 1: {host:zabbix[proxy,zabbix_proxy,lastaccess]}>120{host:system.uptime[].last(0)}<86400{host:system.cpu.load.avg(600)}2m {host:system.uptime.last(0)}<1d {host:system.cpu.load.avg(10m)}<10

Zabbixトリガーのロジック構文については、公式Webサイトを参照してください。 https://www.zabbix.com/documentation/2.2/manual/config/triggers/expression

オペレーターの公式ウェブサイトの説明：

＃式にさらに多くの関数を含めることができます：

合計（600） ：すべての値の合計が600秒以内に受信されたことを示します

合計（＃5） ：最後の5つの値の合計を示します

最近取得した5つの値が3、7、2、6、5の場合

最後（＃2） 戻るだろう 7

最後（＃5） 戻るだろう 5 。

1、パラメータを無視する関数でもパラメータを指定する必要があります。例：last（0）

公式サイトのこの文は理解されていませんが、パラメータを無視できる関数には偶数を割り当てる必要があるのではないでしょうか。

2、avg、count、last、min、およびmax関数は、追加の2番目のtime_shiftパラメーターをサポートします。このパラメーターを使用すると、過去のある期間のデータを参照できます。たとえば、avg（1h、1d）は、1日前の1時間の平均値を返します。

avg、count、last、min、およびmax関数は、追加の2番目のtime_shiftパラメーターをサポートします。このパラメーターは、過去のデータを参照として使用して、期間にすることができます。たとえば、avg（1h、1d）は、前日の同じ時間の平均を返します。 A

3、トリガーは履歴情報のみを評価します。履歴が利用できない場合（特にタイムシフトに関連する場合）、トレンド情報は使用されないため、少なくともトリガー機能が期待する期間、履歴を保持する必要があります。

公式ウェブサイト表現の例：

例1：

Trigger name: Processor is loaded too high on www.zabbix.com {www.zabbix.com:system.cpu.load[all,avg1].last(0)}>5 Trigger description: www.zabbix.com: host name system.cpu.load[all,avg1]: item value, average load value of cpu within one minute last(0): latest value>5: latest value is greater than 5 As shown above, the monitoring item of www.zabbix.com, if the latest CPU load value is greater than 5, then the expression will return true, so that the trigger state changes to 'problem'.

例2：

()}>|{www.zabbix.com:system.cpu.load[all,avg1].min(10m)}> If the current CPU load is greater than 5 or the CPU load in the last 10 minutes is greater than 2, then the expression will return true.

例3：

Trigger name: /etc/has been changed using function.cksum[/etc/].()}> The latest checksum of /etc/passwd is different from the last checksum obtained. The expression will return true. We can use the same method to monitor important system configuration files, such as /etc/, /etc/inetd.conf, etc. These zabbix will generally come with you, add it if you don't bring it.

例4：

Trigger name: Someone is downloading a large. [eth0,bytes].min(5m)}>100K The current host network card eth0 received more than 100KB of traffic in the last 5 minutes, then the trigger expression will return true

例5：

()}=& {smtp2.zabbix.com:net.tcp.service[smtp].()}= When the SMTP servers on both smtp1.zabbix.com and smtp2.zabbix.com are offline, the expression will return true.

例6：

)}= If the current zabbix agent version contains beta8 (assuming the current version is 1.0beta8), this expression will return true.

例7：

)}> The above expression indicates that the host zabbix.zabbix.com has been unreachable more than 5 times in the last 30 minutes.

例8：

Trigger name: No heartbeats within= Tick ​​is Zabbix trapper type, first we have to define an item of type Zabbix trapper, key is tick. We use zabbix_sender to send data to tick regularly. If the data sent by zabbix_sender has not been received within 3 minutes, the expression returns a true value, and at the same time the value of the trigger becomes 'PROBLEM'.

例9：

Trigger name: CPU activity at night using function>&{zabbix:system.cpu.load[all,avg1].()}>&{zabbix:system.cpu.load[all,avg1].()}
例10：
Trigger name: Check client is local with Zabbix server) == If the current server time of the host MySQL_DB differs from the time of zabbix server by more than 10 seconds, the expression returns true and the trigger state changes to 'problem'
例11：
Trigger name: Comparing average load today with average load of the same/{server:system.cpu.load.avg(1h,1d)}> This expression will fire the average load of the hour tops the average load of the same hour yesterday than two times. The latest one-hour average load peak exceeds yesterday's same period indicator twice for alarm
 
 
ヒステリシスの特性（ヒステリシス、ヒステリシス）：
 
簡単に言えば、トリガー状態が問題に変化するための条件が必要であり、問​​題から戻るための条件が必要です。通常、トリガーは、トリガー条件が満たされない場合にのみ回復できます。理解する？わからない場合は、例を見てください。トリガーは、さまざまな状態を表すためにさまざまな条件を使用する必要がある場合があります。公式ウェブサイトの興味深い例として、機器室の温度は通常15〜20°で安定しています。温度が20°を超えると、トリガー値に問題があります。現在の状況では、温度がこの温度の間にある場合、トリガー値のみがFALSEになります。 （ゆっくりと理解してください。この式は少し丸いです）この効果を実現するには、次のトリガー式を使用する必要があります。
 
例1：
Trigger name: Temperature=&{server:temp.()}>)|=={server:temp.()}<) Note: The macro variable {TRIGGER.VALUE} will return the current trigger value
例2：
Trigger name: Free disk space is low Problem: The remaining disk space in the last 5 minutes is less than 10GB. Recovery: Disk space is greater than 40GB in the last 10 minutes ({TRIGGER.VALUE}=0&{server:vfs.fs.size[/,free].max(5m)}<10G) | ({TRIGGER.VALUE}=1&{server:vfs.fs.size[/,free].min(10m)}<40G)
 
この記事はMr_chen51CTOブログ、元のリンクから転送されます：http：//blog.51cto.com/metis/1953326、再版が必要な場合は、元の著者に連絡してください