
I have a problem with Zabbix and Logstash alerts. I am currently sending Logstash logs that are errors or warnings to Zabbix via their plugin. However, on Zabbix I want to create a trigger for the data being sent.

Currently I have something like this set up for one of my triggers:

{Host Template:logstash.found.regexp(invalid user)}=1 & {Host Template:logstash.found.nodata(10m)}=0

However, configured like this, it alerts if it finds an error. I want to make it so that it alerts if it's doing it multiple times. Like, if the message is there 10 times over the last 10m, alert.

If anyone has done something for this, your help would be greatly appreciated.

Nvasion

1 Answer


Like if the message is there 10 times alert over the last 10m.

This can be accomplished using the count() function:

{host:item.count(10m,"invalid user","like")} >= 10
asaveljevs
  • You know, I saw that, but it said integer/float so I ignored it, but this works awesome. Thanks a lot. – Nvasion May 13 '15 at 21:30
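
The difference between the two triggers in this thread, replayed over constructed log lines as an added example (not part of the original posts). The Python functions are hypothetical stand-ins that model how each expression evaluates, not Zabbix code, and the sshd-style lines and the 192.0.2.10 address are made up for the demonstration:

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # the "10m" period in both triggers
THRESHOLD = 10                  # the ">= 10" in the count() trigger
PATTERN = "invalid user"        # substring match, as with the "like" operator

def single_match_trigger(history, now):
    """Question's trigger: newest value matches and it arrived within WINDOW."""
    seen = [(ts, v) for ts, v in history if ts <= now]
    if not seen:
        return False
    ts, value = max(seen, key=lambda e: e[0])
    return PATTERN in value and now - ts < WINDOW

def count_like(history, now):
    """Values received in the last WINDOW that contain PATTERN."""
    return sum(1 for ts, v in history
               if now - WINDOW < ts <= now and PATTERN in v)

def count_trigger(history, now):
    """Answer's trigger: fire only at THRESHOLD or more matches in WINDOW."""
    return count_like(history, now) >= THRESHOLD

def make_history(start, n, step_seconds):
    """Constructed sshd-style lines, one every step_seconds (sample data)."""
    line = "sshd[1000]: Failed password for invalid user test{} from 192.0.2.10 port 22 ssh2"
    return [(start + timedelta(seconds=i * step_seconds), line.format(i))
            for i in range(n)]

if __name__ == "__main__":
    t0 = datetime(2015, 5, 13, 21, 0, 0)
    typo = make_history(t0, 1, 1)     # one mistyped username
    burst = make_history(t0, 12, 10)  # 12 failures in under two minutes
    for name, hist in (("typo", typo), ("burst", burst)):
        now = t0 + timedelta(minutes=2)
        print(name, single_match_trigger(hist, now), count_like(hist, now),
              count_trigger(hist, now))
```

In this model the count-based trigger also clears by itself once fewer than 10 matching values remain inside the 10-minute window.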