New Feature Request
First of all, our use case.
We use Zabbix for monitoring our Windows servers. So, our template includes items like the following:
The main idea is to inform the appropriate person about any significant messages in the Windows Event Log.
The main problem is to define the term "significant message" technically, because:
- there are some messages with level=Error that could be safely ignored;
- there are some messages with level=Warning that really are very important (for example, messages from a RAID Controller about a failed disk).
So, in practice our trigger expressions are quite complex. Often they have logic like the following:
It would be great if some of this logic were available in preprocessing: for example, if (source='Source1' AND eventid='1111') then just discard the value. It could dramatically simplify our trigger expressions.
Unfortunately, at the moment all this Event Log metadata (EventID, Source, Severity, original timestamp) is not accessible during the preprocessing stage.
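The discard logic requested above, sketched as an added example in plain JavaScript; it is not part of the original request and not a Zabbix API. The record fields (`source`, `eventid`, `severity`), the rule table, the source name `ExampleRaidCtl` and all event IDs other than the request's own `Source1`/`1111` are constructed assumptions.

```javascript
// Added example: rule-based triage of Windows Event Log records.
// Field names and the rule format are assumptions for illustration only.

// First matching rule wins. A rule field left undefined matches anything.
var RULES = [
  // Error that can be safely ignored (the case named in the request).
  { source: 'Source1', eventid: 1111, action: 'discard' },
  // Warning that must always be kept, e.g. a RAID controller reporting
  // a failed disk (source name and event id are constructed placeholders).
  { source: 'ExampleRaidCtl', eventid: 2222, action: 'keep' }
];

// Default when no rule matches: keep Critical and Error, drop the rest.
var KEEP_BY_DEFAULT = { Critical: true, Error: true };

function matches(rule, ev) {
  // Event IDs are compared as strings so 1111 and "1111" are equivalent.
  return (rule.source === undefined || rule.source === ev.source) &&
         (rule.eventid === undefined ||
          String(rule.eventid) === String(ev.eventid)) &&
         (rule.severity === undefined || rule.severity === ev.severity);
}

// Returns 'keep' or 'discard' for one event record.
function triage(ev) {
  for (var i = 0; i < RULES.length; i++) {
    if (matches(RULES[i], ev)) {
      return RULES[i].action;
    }
  }
  return KEEP_BY_DEFAULT[ev.severity] === true ? 'keep' : 'discard';
}

function filterEvents(events) {
  return events.filter(function (ev) { return triage(ev) === 'keep'; });
}

// Constructed sample records, one per case discussed in the request.
var SAMPLE = [
  { source: 'Source1', eventid: '1111', severity: 'Error', message: 'ignorable error' },
  { source: 'ExampleRaidCtl', eventid: 2222, severity: 'Warning', message: 'disk failed' },
  { source: 'Source2', eventid: 3333, severity: 'Error', message: 'unlisted error' },
  { source: 'Source2', eventid: 4444, severity: 'Warning', message: 'unlisted warning' }
];
```

With explicit rules evaluated before the severity default, each exception is one table row instead of another clause in every trigger expression.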