按相关对象和主机名过滤zabbix事件

【问题标题】:Filter zabbix events by related object and host name按相关对象和主机名过滤zabbix事件
【发布时间】:2018-02-08 08:54:42
【问题描述】:

我正在尝试使用 event.get 方法来选择最近的事件并通过相关的对象描述和主机名过滤它们。

示例请求(没有主机名和相关对象描述过滤器)

{
    "jsonrpc": "2.0",
    "method": "event.get",
    "params": {
        "time_from": "1518016133",
        "filter": {
          "value": 1
        },
        "selectRelatedObject": ["description"],
        "selectHost": ["name"]
    },
    "id": 2,
    "auth": "474aeddd05bb5e5f7fc0e7267fbd2sd6"
}

示例响应

{
    "jsonrpc": "2.0",
    "result": [
        {
            "eventid": "24397263",
            "source": "0",
            "object": "0",
            "objectid": "98218",
            "clock": "1518016248",
            "value": "1",
            "acknowledged": "0",
            "ns": "850595734",
            "hosts": [
                {
                    "hostid": "11513",
                    "name": "OS-1-LIVE"
                }
            ],
            "relatedObject": {
                "triggerid": "98218",
                "description": "No response"
            }
        }
    ],
    "id": 2
}

我尝试将以下内容添加到过滤器块中(一次一个)

"hosts.name": "TEST"
"hosts[name]": "TEST"
"selectHosts.name": "TEST"
"selectHosts[name]": "TEST"
"relatedObject.description": "TEST"

但它们都不起作用。 (仍然返回所有结果)

是否可以通过相关对象和主机名过滤事件?

Zabbix API 版本 3.0.14

【问题讨论】:

    标签: zabbix


    【解决方案1】:

    经过更多研究后编辑。

    event.get 的参数仅适用于event object:您可以根据值、已确认、hostids、groupids 等进行过滤,但不能使用它来按主机名过滤输出。

    您可以使用 hostids 参数(请参阅API),但您必须先调用 API 才能将目标主机名转换为主机 ID。

    或者您也可以仅使用selectHosts = 'extend',它将返回一个事件和主机列表以及一个时间范围内的完整详细信息,然后迭代结果并根据您的条件进行过滤。

    第一个需要更多的 API 调用,但我认为它更优雅。第二个将返回特定时间范围内所有主机的所有事件,然后您必须过滤掉所有不需要的事件。

    带有 hostid 过滤的 Python 示例:

    hostId = zapi.get_id('host', item="TEST host name")
eventObj = zapi.event.get(time_from=1515771918, hostids=hostId, value="1", selectHosts='extend')

for event in eventObj:
    for host in event['hosts']:
        # filter by host['description'] or any other host value

    没有 hostid 过滤的 Python 示例:

    eventObj = zapi.event.get(time_from=1515771918, value="1", selectHosts='extend')

for event in eventObj:
    for host in event['hosts']:
            # filter by host['name'] or host['description'] or any other host value

    在这两种情况下,扩展输出都会为每个事件提供完整的主机信息:

    [
    {
        "acknowledged": "0", 
        "c_eventid": "0", 
        "clock": "1515773211", 
        "correlationid": "0", 
        "eventid": "2738610", 
        "hosts": [
            {
                "available": "0", 
                "description": "Host description", 
                "disable_until": "0", 
                "error": "", 
                "errors_from": "0", 
                "flags": "0", 
                "host": "192.168.1.1", 
                "hostid": "10283", 
                "ipmi_authtype": "-1", 
                "ipmi_available": "0", 
                "ipmi_disable_until": "0", 
                "ipmi_error": "", 
                "ipmi_errors_from": "0", 
                "ipmi_password": "", 
                "ipmi_privilege": "2", 
                "ipmi_username": "", 
                "jmx_available": "0", 
                "jmx_disable_until": "0", 
                "jmx_error": "", 
                "jmx_errors_from": "0", 
                "lastaccess": "0", 
                "maintenance_from": "0", 
                "maintenance_status": "0", 
                "maintenance_type": "0", 
                "maintenanceid": "0", 
                "name": "Your device name or hostname", 
                "proxy_hostid": "0", 
                "snmp_available": "1", 
                "snmp_disable_until": "0", 
                "snmp_error": "", 
                "snmp_errors_from": "0", 
                "status": "0", 
                "templateid": "0", 
                "tls_accept": "1", 
                "tls_connect": "1", 
                "tls_issuer": "", 
                "tls_psk": "", 
                "tls_psk_identity": "", 
                "tls_subject": ""
            }
        ], 
        "ns": "259800604", 
        "object": "0", 
        "objectid": "15177", 
        "r_eventid": "2738613", 
        "source": "0", 
        "userid": "0", 
        "value": "1"
    }, 

    -- other events -- 

]

    您可以使用 selectHosts 来限制通过使用属性数组代替“扩展”来检索的值:

    eventObj = zapi.event.get(time_from=1515771918, hostids=hostId, value="1", selectHosts=['description', 'status', 'host'])

    此请求将返回具有此主机格式的事件:

     {
        "acknowledged": "0", 
        "c_eventid": "0", 
        "clock": "1516502139", 
        "correlationid": "0", 
        "eventid": "2768212", 
        "hosts": [
            {
                "description": "Test server for API experiments", 
                "host": "Test Server", 
                "hostid": "10270", 
                "status": "0"
            }
        ], 
        "ns": "536030065", 
        "object": "0", 
        "objectid": "14920", 
        "r_eventid": "0", 
        "source": "0", 
        "userid": "0", 
        "value": "1"
    },

    【讨论】:

    • 一个小提示:selectRelatedObject 指的是创建事件的触发器,而不是宿主!
    • 为了清楚起见,如果在我的示例中使用 selectHosts = 'TEST' 那么我只会从该主机获取事件?
    • 是的,与eventObj = zapi.event.get(time_from=1515771918, filter=filterObj, selectHosts='Test') 相同的python snip 将返回N 个事件,例如: { "acknowledged": "0", "c_eventid": "0", "clock": "1515773211", "相关ID:“0”,“事件ID”:“2738610”,“主机”:[{“主机ID”:“10283”}],“NS”:“259800604”,“对象”:“0”,“对象ID” :“15177”,“r_eventid”:“2738613”,“source”:“0”,“userid”:“0”,“value”:“1”},
    • Mhh 等等,我在没有扩展模式的 selectHost 上有一个奇怪的行为,需要检查一下
    • 好的,找到了:可以定义为属性名称数组以仅返回特定属性,也可以定义为预定义值之一:extend - 返回所有对象属性; count - 返回检索到的记录数,仅受某些子选择支持。我将编辑更多详细信息的答案
    【解决方案2】: 
    """
Shows a list of all current issues (AKA tripped triggers)
"""
from datetime import datetime
import time
from pyzabbix import ZabbixAPI

# The hostname at which the Zabbix web interface is available
ZABBIX_SERVER = 'http://192.168.***.***/zabbix'

zapi = ZabbixAPI(ZABBIX_SERVER)

# Login to the Zabbix API
zapi.login('***', '***')

# Get a list of all issues (AKA tripped triggers)   
 triggers = zapi.trigger.get(only_true=1,
                                skipDependent=1,
                                monitored=1,
                                active=1,
                                filter={"value": 1},
                                output='extend',
                                expandDescription=1,
                                selectHosts=['name'],
                                sortfield=['lastchange'],
                                sortorder='ASC',
                                )
    
    # Do another query to find out which issues are Unacknowledged
    unack_triggers = zapi.trigger.get(only_true=1,
                                      skipDependent=1,
                                      monitored=1,
                                      active=1,
                                      output='extend',
                                      expandDescription=1,
                                      selectHosts=['host'],
                                      withLastEventUnacknowledged=1,
                                      )
    def seconds_to_dhms(time):
        seconds_to_minute   = 60
        seconds_to_hour     = 60 * seconds_to_minute
        seconds_to_day      = 24 * seconds_to_hour
        seconds_to_month    = 30 * seconds_to_day    
        seconds_to_year     = 12 * seconds_to_month
        
    
        years   =   time // seconds_to_year
        time    %=  seconds_to_year
        
        month   =   time // seconds_to_month
        time    %=  seconds_to_month
        
        days    =   time // seconds_to_day
        time    %=  seconds_to_day
    
        hours   =   time // seconds_to_hour
        time    %=  seconds_to_hour
    
        minutes =   time // seconds_to_minute
        time    %=  seconds_to_minute
    
        seconds = time
        
        if (seconds >= 0) and (minutes == 0) and (hours == 0) and (days == 0) and (month == 0) and (years == 0):
            return("%d seconds" % (seconds))   
        elif (seconds >= 0) and (minutes >= 1) and (hours == 0) and (days == 0) and (month == 0) and (years == 0):
            return("%d minutes : %d seconds" % (minutes, seconds))    
        elif (seconds >= 0) and (minutes >= 0) and (hours >= 1) and (days == 0) and (month == 0) and (years == 0):
            return("%d hours : %d minutes" % (hours, minutes))   
        elif (seconds >= 0) and (minutes >= 0) and (hours >= 0) and (days >= 1) and (month == 0) and (years == 0):
            return("%d days : %d hours" % (days, hours))
        elif (seconds >= 0) and (minutes >= 0) and (hours >= 0) and (days >= 0) and (month >= 1) and (years == 0):
            return("%d month : %d days" % (month, days))   
        elif (seconds >= 0) and (minutes >= 0) and (hours >= 0) and (days >= 0) and (month >= 0) and (years >= 1):
            return("%d year : %d month" % (years, month))       
        else:    
            return("%dm:%dd:%dh:%dm:%ds" % (month, days, hours, minutes, seconds)) 
            
    # Print a list containing only "tripped" triggers
    for t in triggers:
        if int(t['value']) == 1:
            time_period=int(time.mktime(datetime.now().timetuple())) - int(t['lastchange'])
            
            hostss=zapi.host.get(hostids=t['hosts'][0]['hostid'], output = ['hostid','host','name'], selectInterfaces=['ip','port','dns'])   
            for i in hostss:
                print("-----")
                print("{0}\n{1}\n{2}\n{3}".format(t['hosts'][0]['name'],i['interfaces'][0]['ip'], t['description'], seconds_to_dhms(time_period)))

    【讨论】:

    • 正如目前所写,您的答案尚不清楚。请edit 添加其他详细信息,以帮助其他人了解这如何解决所提出的问题。你可以找到更多关于如何写好答案的信息in the help center
    猜你喜欢
    • 1970-01-01
    • 2013-05-06
    • 1970-01-01
    • 2010-09-20
    • 2019-02-14
    • 2017-07-02
    • 2018-11-18
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode