Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-8822

trigger function dynamically count the occurrence of latest value

XMLWordPrintable

    • Icon: Change Request Change Request
    • Resolution: Duplicate
    • Icon: Minor Minor
    • None
    • 6.4.8
    • Server (S)

      A proposal to have a trigger function capable of working with the latest value and looking back in a time frame to aggregate how many occurrences of this metric happened in the time frame.

      For example, data input (newest on top):

            time value
==========#=====
1600000150 one
1600000140 two
1600000130 three
1600000120 three
1600000110 two
1600000090 one
1600000080 one
1600000070 two
1600000060 three
1600000050 three

      With the existing syntax and function "count", the idea can be represented as:

      count(/host/key,5m,"eq",{ITEM.LASTVALUE}) > 5

      The trigger title would have the pointer which exact value is dominating:

      {ITEM.LASTVALUE} occured more than 5 times

      However, {ITEM.LASTVALUE} build-in macro is not supported inside the function "count".

      Would it be possible to support or implement another trigger function?

      The use case can be related:

      • How many users fail to log into server. Active directory monitoring
      • Failed IP addresses per SSH login
      • Terminal server failed logins per user/computer object
      • Brute force attack

            zabbix.dev Zabbix Development Team
            aigars.kadikis Aigars Kadikis
            Votes:
            5 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: