-
Type:
New Feature Request
-
Resolution: Unresolved
-
Priority:
Trivial
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
Is it possible to move 'filters' down from the discovery_rules[].item[].filter to discovery_rules[].item[].item_prototype[].filter
Reason i ask is simple. I have a single discovery rule giving a list of available macros:
discovery_rules:
# License Feature Discovery
- uuid: d4f4a7d0e4d04102b7092c4b8d7b8fe1
name: "Licensed Features Discovery"
type: SNMP_AGENT
snmp_oid: >-
discovery[
\{#GAV_LICENSE},1.3.6.1.4.1.8741.1.3.1.7.0,
\{#IPS_LICENSE},1.3.6.1.4.1.8741.1.3.1.9.0,
\{#IDS_LICENSE},1.3.6.1.4.1.8741.1.3.1.10.0,
\{#ASW_LICENSE},1.3.6.1.4.1.8741.1.3.1.8.0,
\{#MAIL_LICENSE},1.3.6.1.4.1.8741.1.3.1.6.0
]
key: "gav.discovery"
delay: "1h"
lifetime: "1d"
# item_prototypes go here
I would like to use this single discovery rule, to automatically create nested items, like so:
# discovery rule item above
item_prototypes:
- uuid: 5d1c6186-6055-4427-9fd4-afe94ff9eddc
name: "GAV Scan Count"
key: gav.scan.count
type: SNMP_AGENT
snmp_oid: 1.3.6.1.4.1.8741.1.5.1.1.0
value_type: UNSIGNED
delay: 1h
filter:
conditions:
- macro: '\{#GAV_LICENSE}'
value: '1'
operator: EQUALS
formulaid: A
preprocessing:
- type: DISCARD_UNCHANGED_HEARTBEAT
parameters:
- "3600"
- uuid: 1d5a3f6b-df3a-4c5c-a403-f59a2e9f7911
name: "GAV Virus Count"
key: gav.virus.count
type: SNMP_AGENT
snmp_oid: 1.3.6.1.4.1.8741.1.5.1.2.0
value_type: UNSIGNED
delay: 1h
filter:
conditions:
- macro: '\{#GAV_LICENSE}'
value: '1'
operator: EQUALS
formulaid: A
preprocessing:
- type: DISCARD_UNCHANGED_HEARTBEAT
parameters:
- "3600"
- uuid: c5cbe8ec-c7a3-4c7f-aec4-824c2c5f6230
name: "IDS Attacks Detected"
key: ids.detected.count
type: SNMP_AGENT
snmp_oid: 1.3.6.1.4.1.8741.1.6.2.1.0
value_type: UNSIGNED
delay: 1h
filter:
conditions:
- macro: '\{#IDS_LICENSE}'
value: '1'
operator: EQUALS
formulaid: A
preprocessing:
- type: DISCARD_UNCHANGED_HEARTBEAT
parameters:
- "3600"
- uuid: 72dcd83e-2907-4f45-bc04-739b1b09ef23
name: "IPS Attacks Blocked"
key: ips.blocked.count
type: SNMP_AGENT
snmp_oid: 1.3.6.1.4.1.8741.1.6.1.1.0
value_type: UNSIGNED
delay: 1h
filter:
conditions:
- macro: '\{#IPS_LICENSE}'
value: '1'
operator: EQUALS
formulaid: A
preprocessing:
- type: DISCARD_UNCHANGED_HEARTBEAT
parameters:
- "3600"
- uuid: 7e894d30-b420-4a56-8bb0-1261f1441b43
name: "Mail Good Allowed"
key: mail.good.allowed
type: SNMP_AGENT
snmp_oid: 1.3.6.1.4.1.8741.4.2.0
value_type: UNSIGNED
delay: 1h
filter:
conditions:
- macro: '\{#MAIL_LICENSE}'
value: '1'
operator: EQUALS
formulaid: A
preprocessing:
- type: DISCARD_UNCHANGED_HEARTBEAT
parameters:
- "3600"
- uuid: 349cf9d6-8fd4-4ee8-a2d7-7481beec0cb5
name: "Mail Spam Detected"
key: mail.spam.count
type: SNMP_AGENT
snmp_oid: 1.3.6.1.4.1.8741.4.3.0
value_type: UNSIGNED
delay: 1h
filter:
conditions:
- macro: '\{#MAIL_LICENSE}'
value: '1'
operator: EQUALS
formulaid: A
preprocessing:
- type: DISCARD_UNCHANGED_HEARTBEAT
parameters:
- "3600"
- uuid: 9ab3762c-0cf1-4e83-9fe7-0a9f7c79f4dc
name: "Mail Virus Detected"
key: mail.virus.detected
type: SNMP_AGENT
snmp_oid: 1.3.6.1.4.1.8741.4.5.0
value_type: UNSIGNED
delay: 1h
filter:
conditions:
- macro: '\{#MAIL_LICENSE}'
value: '1'
operator: EQUALS
formulaid: A
preprocessing:
- type: DISCARD_UNCHANGED_HEARTBEAT
parameters:
- "3600"
- uuid: dbd8ae62-2d9e-4a8a-a62e-18f97c15de31
name: "Mail Total Count"
key: mail.total.count
type: SNMP_AGENT
snmp_oid: 1.3.6.1.4.1.8741.4.1.0
value_type: UNSIGNED
delay: 1h
filter:
conditions:
- macro: '\{#MAIL_LICENSE}'
value: '1'
operator: EQUALS
formulaid: A
preprocessing:
- type: DISCARD_UNCHANGED_HEARTBEAT
parameters:
- "3600"
Currently this generates an error:
Invalid tag "/zabbix_export/templates/template(1)/discovery_rules/discovery_rule(1)/item_prototypes/item_prototype(1)": unexpected tag "filter".
The above error simply means the filter method is not available at that layer. This is highly in-efficient.
Efficient flow (what i'm trying to achieve):
Q: What features are included in the license OIDs?
A: X/Y/Z features
Action: Add items for each feature
In-efficient flow (what i'm forced to deliver):
Q: Is there a feature X license availabe?
A: Y
Action: Add 1x item for X feature
Q: Is there a feature Y license availabe?
A: Y
Action: Add 1x item for Y feature
Q: Is there a feature Z license availabe?
A: Y
Action: Add 2x item for Z feature
I'm looking at having a single item, detecting all licenses, and automatically adding only the item_prototypes that are specifically licensed.