Shulou(Shulou.com)06/01 Report--

Chapter VI configuration and Management of Monitoring items

The definition and management of monitoring items (Items) in Zabbix system is very important. All monitoring indicators collect data by defining different monitoring items. Zabbix organizes and manages monitoring items through the host as a logical unit. All monitoring items must belong to a host, and there can only be one unique monitoring item in the same host.

6.1 Monitoring data

An important feature of Zabbix that is different from most other monitoring solutions is that the data collected by Zabbix from the monitored object through monitoring items is raw data, rather than alarm or status update data. In most monitoring scenarios, after monitoring data is collected through agent or other methods, the data is logically processed, and then the status of the data is sent to the server for preservation and further processing. The processing flow of the data is shown in figure 6-1 below.

Figure 6-1

The process of processing data in Zabbix will be slightly different. After monitoring data is collected by agent or other methods, it will be sent directly to the server for preservation, and then the trigger logic will judge the changes of the data and proceed to the next step of processing. The data collected in Zabbix has nothing to do with the conditions of a specific trigger (such as pass, failure, normal, warning, error, etc.). The original monitoring data is retained in the server's database, and the summary and trend of different periods, such as minimum, maximum and average, can be retained for the numerical type of monitoring item data. This is shown in figure 6-2 below.

Figure 6-2

Zabbix has two advantages in terms of separating data from decision logic:

First of all, the monitoring data collected in Zabbix is not directly related to trigger logic and alarm, so we can regard Zabbix as a pure data collector and show the data in visual ways such as graphics, which is very useful in the real environment. For example, we need to monitor traffic at each port of the switch, just to collect data to establish a baseline, assess possible bottlenecks, and provide a basis for planning to expand the network infrastructure. There are many similar situations, such as CPU utilization, storage capacity, user concurrency of specific applications, and so on.

Secondly, all the original data collected are stored in the database, rather than the monitoring data or part of the monitoring data of a monitoring item. For triggers and decision logic, you may need complete data to define exactly the types of events you want to monitor and alert, where you can associate all the historical data of the monitoring item.

The monitoring item in Zabbix can essentially be understood as an identifier (or metric) of a certain data type associated with the host. This identifier is usually a name and an associated monitoring item key, which is used to distinguish the monitoring items associated with the host among the thousands of monitoring items defined in the entire monitoring environment. The data type of the monitoring item is also very important. Zabbix specifies how to save the data and how to visualize the data through the data type (the monitoring item of the numerical type can automatically generate simple graphics, but the character type cannot generate the graph). In the trigger, you can specify which functions can be applied to the monitoring item for processing.

Recently, we have completed the recording and release of the video tutorial "zabbix 4.0", which is based on zabbix 4.2 and provides a comprehensive explanation of Zabbix. Welcome to watch. Course link: https://edu.51cto.com/sd/ce000

6.2 types of monitoring items

There are many types of monitoring items in Zabbix according to the way they are connected, that is, the monitoring methods we introduced in Chapter 3. They can be used interchangeably according to different monitoring targets, but there are also monitoring methods that cannot be replaced. In order to achieve the monitoring objectives, only a certain type, such as Zabbix aggregate monitoring mode, can be used. When monitoring items collect monitoring data, according to the direction of the data flow, we can be classified into two categories: Passive (passive) and Active (active). Passive means that the connection is initiated by Zabbix server, and Active means that the initialization connection is initiated by the monitored side. As shown in Table 6-1 below.

Table 6-1

Item type

Direction

Can be replaced with

Zabbix agent

Passive (passive)

Zabbix agent (active)

Zabbix agent (active)

Active (active)

Zabbix agent

Simple checks

Passive (passive)

Zabbix trapper

SNMP agent

Passive (passive)

Zabbix trapper

SNMP trap

Active (active)

Zabbix internal

Server monitors itself to collect data

Zabbix trapper

Active (active)

Depends on the nature of the monitoring data

Zabbix aggregate

Use the data already in the database

External checks

Passive (passive)

Zabbix trapper

Database monitor

Passive (passive)

Zabbix trapper

IPMI agent

Passive (passive)

Zabbix trapper

SSH agent

Passive (passive)

Zabbix trapper

TELNET agent

Passive (passive)

Zabbix trapper

JMX agent

Passive (passive)

Zabbix trapper

Calculate

Use the data already in the database

6.3 Key of monitoring items

When defining the Key of a monitor item, follow the format of the monitor item Key defined in Zabbix, as shown in figure 6-3 below.

Figure 6-3

Where Key is the name, and the Key name can be followed by or without parameters.

The Key name must be unique within the same host and cannot exist with the same name. The characters used in naming are limited, and only the following characters are allowed:

All the numbers (0-9)

All lowercase letters (amurz)

All capital letters (Amurz)

Underscore (_)

Dash (-)

Point (. )

This is shown in figure 6-4 below.

Figure 6-4

For example:

Vfs.fs.size [/]

Vfs.fs.size[ / opt]

Key can pass multiple parameters, which must be separated by commas. This is shown in figure 6-5 below.

Figure 6-5

Each of these parameter (parameters) can be a quoted string or an unquoted string, or an array. This is shown in figure 6-6 below.

Figure 6-6

When you want to use the default value, the parameters can also be left blank, but they must be separated by commas. For example, the interval time for ping specified in icmpping [, 200, 200 and 500 milliseconds] is 200ms, and the timeout is 500ms. Other parameters can be left blank to indicate the use of default values.

If the parameter is a quoted string, the double quotation marks used must be escaped with a backslash (\), and any Unicode character can be used between the double quotation marks.

If the argument is a string without quotation marks, any Unicode character can be used except for commas and closing square brackets.

If the parameter is an array, it needs to be enclosed in square brackets, and multiple parameters are separated by commas.

6.4 the unit of the monitoring item

The use of multiple unit (Units) symbols is supported in Zabbix. If the unit symbol is set, Zabbix will add post processing after receiving the data and display it in accordance with the set units.

By default, if the original value exceeds 1000, it is divided by 1000 and displayed accordingly. For example: the setting unit is bps, and if the value of the received data is 881764, 881.76Kbps will be displayed. When using the unit B (byte), Bps (bytes per second), it will be divided by 1024, so it will be shown in Zabbix: 1 is 1B byte, 1Bps bytes per second 1024 is 1KBhand, 1KBps 1536 is 1.5KB/1.5KBps.

The processing of time-related units includes:

Unixtime: converts the value of the received data to yyyy.mm.dd hh:mm:ss. For the conversion to be successful, the monitor data must be of a Numeric (unsigned) numeric type.

Uptime: converts the value of the received data to hh:mm:ss or N days,hh:mm:ss. For example, if the received value is 881764 (seconds), it will be displayed as 10 days, 04:56:04.

S: converts the value of the received data to yyy mmm ddd hhh mmm sss ms, in seconds. For example, the received value is 881764 (seconds), which will be displayed as 10d 4h 56m. Usually only three main units are displayed, such as 1m 15d 5h or 2h 4m 46s. If there is no day, only 1m 5h is displayed (no minutes, seconds, or microseconds). If the value received is less than 0.001, it will be displayed as

< 1ms。 Zabbix中也保留了一些单位字符如：ms、rpm、RPM和%。 6.5 自定义intervals Zabbix中每个监控项收集数据的时间间隔可以通过设置 Updateinterval（in sec）来实现，例如你可以设置为30，意味着每隔30秒就收集一次监控项的值，这种设置简单，不够灵活。因此Zabbix中提供了Flexible intervals和scheduling intervals两种方式可以灵活的设置监控项收集数据的时间。 6.5.1 Flexible intervals Flexible intervals允许为特定的时间段重新定义默认更新的时间间隔，一个flexible intervals由Interval和Period来定义。 Interval是特定时间段中更新的时间间隔。 Period是使用flexible interval的时间段。用来定义Period的格式为d-d,hh:mm-hh:mm，d为星期几，1代表星期一，2代表星期二，3代表星期三，… 7代表星期日。hh为小时，00 - 23。mm为分钟，00 - 59。例如，1-5,09:00-18:0的意思是星期一到星期五的上午9点到下午18点。也可以指定多个用分号分隔的时间段，如d-d,hh:mm-hh:mm;d-d,hh:mm-hh:mm...。例如，1-5,09:00-18:00;6-7,10:00-16:00的意思是周一到周五的上午9点到下午18点，周六和周日上午10点到下午16点。 最多可以设置7个flexible intervals，如果多个flexible intervals重叠时，将使用重叠时间段内最小的Interval值。需要注意的是如果重叠的flexible Intervals的最小值是0，这时候对监控项的数据不再进行收集。在flexible intervals定义的时间段外，使用Updateinterval（in sec）中设置的时间间隔收集数据。 如果定义的interval正好等于时间段的长度，监控项只收集一次数据。如果interval大于时间段，监控项可能会收集一次数据或一次都没有，因此不建议这种配置。如果interval小于时间段，那这个监控项最少会收集一次数据。 如果interval设置为0，那这个监控项在设置的时间段内不会收集数据。在设置的时间段结束时按照Update interval（in sec）中的时间间隔恢复对数据的收集。例如下表6-2所示。 表 6-2 Interval Period 说明 10 1-5,09:00-18:00 在工作时间内每10秒钟收集一次监控项数据 0 1-7,00:00-7:00 晚上0点到7点停止收集监控项数据 0 7-7,00:00-24:00 星期日停止收集监控项数据 60 1-7,12:00-12:01 每天12点收集一次监控项数据 6.5.2 Scheduling intervals Scheduling intervals用来在特定的时间收集监控项数据。flexibleintervals旨在重新定义默认收集监控项数据的时间间隔，而Schedulingintervals用于指定一个独立的收集监控项数据的时间表，它们是并行执行的。 一个Scheduling interval的定义格式是：mdwdhms。md为month days，wd为week days，h为hours，m为minutes，s为seconds。是用来指定特定前缀（例如days、hours、minutes、seconds）的值，它有自己的书写格式：[[-]][/][,]。格式中各参数的含义如下： 和 定义了匹配值的范围。如果 被省略时filter会匹配一个 到 的范围，如果 也被忽略了，那filter匹配所有可能的值。 定义了一个步长，默认的步长值是1，意味着在定义的范围内匹配所有的值。 filter是一个可选项，可用来定义多个匹配值。Scheduling interval中至少要定义一个filter，这个filter必须定义一个范围或步长。 有效的 和 的值如下表6-3所示。 表 6-3 前缀 说明 md Month days 1 - 31 1 - 31 Wd Week days 1 - 7 1 - 7 H Hours 0 - 23 0 - 23 M Minutes 0 - 59 0 - 59 s Seconds 0 - 59 0 - 59 的值必须小于或等于 的值， 的值必须大于或等于1，也可以小于或等于 - 的值。 单数字的month days、hours、minutes和seconds的值前面可以加0，例如 md01-31，h/02等是有效的定义，但像md01-031 和 wd01-07（week days不能加0）就是无效的定义。 在Zabbix Web前端页面中，需要使用多个Schedulingintervals时可以设置添加多行intervals。在Zabbix API中可以写成一行，每个Schedulingintervals之间需要用分号分隔。执行时如果同时和多个intervals中定义的时间都匹配，那也仅执行一次，例如wd1h9;h9只在周一早上9点执行一次，不会因定义了2个h9而执行两次。 为了更好的理解Scheduling intervals的定义，下面我们举些例子一起来看看。 m0-59 ：每分钟执行 h9-17/2 ：从9:00到17:00每2个小时执行（9:00, 11:00 …） m0,30 或 m/30 ：在每小时的hh:00和hh:30执行 m0,5,10,15,20,25,30,35,40,45,50,55或 m/5 ：每5分钟执行 wd1-5h9 ：每周一到周五9:00执行 wd1-5h9-18 ：每周一到周五的9:00、10:00、… 、18:00执行 h9,10,11 或 h9-11 ：每天的9:00、10:00和11:00执行 md1h9m30 ：每个月的第一天的9:30执行 md1wd1h9m30 ：每个月的第一天并且是周一的9:30执行 h9m/30 ：在9:00和9:30执行 h9m0-59/30 ：在9:00、9:30执行 h9,10m/30 ：在9:00、9:30、10:00、10:30执行 h9-10m30 ：在9:30、10:30执行 h9m10-40/30 ：在9:10、9:40执行 h9,10m10-40/30 ：在9:10、9:40、10:10、10:40执行 h9-10m10-40/30 ：在9:10、9:40、10:10、10:40执行 h9m10-40 ：在9:10、9:11、9:12、 … 9:40执行 h9m10-40/1 ：在9:10、9:11、9:12、 … 9:40执行 h9-12,15 ：在9:00、10:00、11:00、12:00、15:00执行 h9-12,15m0 ：在9:00、10:00、11:00、12:00、15:00执行 h9-12,15m0s30 ：在9:00:30、10:00:30、11:00:30、12:00:30、15:00:30执行 h9-12s30 ：在9:00:30、10:00:30、11:00:30、12:00:30执行 h9m/30;h20 ：在9:00、9:30、10:00执行 6.6 创建监控项 监控项可以在模板或主机中创建，建议在模板中创建，这样只需要创建一次，就可以连接到多个主机中使用。需要调整监控项的配置参数时，只需要修改一次，即可在连接该模板的主机中直接生效，降低日常维护的工作量，由此可见在模板中创建监控项的好处。 在Configuration -->

Find the template that needs to create the monitoring item in the Templates page, click the items link of the template, or find the host that needs to create the monitoring item in the Configuration-- > Hosts page, click the items link of the host, go to the items page, and click the Create item button in the upper right corner.

The following steps for creating a monitor item are described by creating a monitor item in the template:

1. Go to the items page and click the Create item button.

2. On the item configuration page, fill in the relevant information.

3. Click the Add button to save.

4. Connect the template to the host.

The monitor configuration page is shown in figure 6-7 below.

Figure 6-7

The meanings of the parameters on the monitoring item configuration page are as follows:

Name: the name of the monitoring item. You can use macro variables, or you can reference $1, $2 from Key. $9 parameter, for example: set the monitoring item name to Freedisk space on $1, if the monitoring item Key is vfs.fs.size [/, free], then the monitoring item name will become Freedisk space on / ($1 is /, $2 is free).

Type: the type of monitoring item. For details, see the monitoring methods introduced in the third chapter.

Key: the Key of the monitoring item. Please refer to the previous section 6.3. if the monitoring item type is Zabbix agent, Zabbix agent (active), Simple check, SNMP trap, Zabbix internal, Zabbix aggregate, Databasemonitor, the value of Key must be supported by Zabbix server or Zabbix agent. This Key must be unique within the same host.

Type of information: the data type saved to the database after the conversion is completed.

Numeric (unsigned): 64-bit unsigned integer.

Numeric (float): floating point numbers, the range allowed in MySQL is-99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999

Character: character or string, limited to 255bytes in Mysql, Postgresql, or Oracle.

Log:log log file. 65536 bytes are allowed in Mysql and limited to 65536 characters in Postgresql and Oracle.

Text: text. 65536 bytes are allowed in Mysql and limited to 65536 characters in Postgresql and Oracle.

Data type: used to specify different data types when Numeric (unsigned) is selected in Type of information.

Boolean: text is converted to 0 or 1 to save. TRUE is stored as 1 and false is stored as 0, and all values match in a case-insensitive manner. True, t, yes, y, on, up, running, enabled, available were identified as TRUE,false, f, no, n, off, down, unused, disabled, unavailable were identified as FALSE. In addition, any non-zero value is considered to be TRUE,0 and is considered FALSE.

Octal: octal data.

Decimal: decimal data.

Hexadecimal: hexadecimal data.

Zabbix will automatically complete the text-to-numeric conversion, and even if a host is monitored by Zabbix proxy, the conversion is done by Zabbixserver.

Units: set unit symbols, see Section 6.4 of this chapter for details.

Use custom multiplier: if enabled, all received values will be multiplied by the set integer or floating point number. Use this option to convert KB, MBps, and so on to B, Bps. Otherwise, the prefix (K, M, G, etc.) cannot be set correctly in Zabbix. Scientific counting methods, such as 1e+70, are also supported since Zabbix version 2.2.

Update interval (in sec): the interval in seconds at which data is collected by a monitoring item. If set to 0, the monitoring item will stop collecting data, and if a value other than 0 is set in Customintervals (whether flexible or scheduling), the monitoring item will collect data according to that value.

Custom intervals: customize the time for monitoring items to collect data. For more information, please see Section 6.5 of this chapter.

History storage period (in days): the number of days to keep detailed historical data in the database. Old data that exceeds the retention time is deleted by housekeeper. The value defined in this parameter can override the value set in Administration-- > General-- > Housekeeper. If the global value is set in Housekeeper, a warning message is displayed when the parameter is set. It is recommended that you set a smaller value to reduce the size of history in the database. If you want to keep a long history, you can set a longer trends save time.

Trend storage period (in days): keeps historical trend data (hourly min, max, avg, and count) in the database. Old data that exceeds the retention time is deleted by housekeeper. The value defined in this parameter can override the value set in Administration-- > General-- > Housekeeper. If the global value is set in Housekeeper, a warning message is displayed when the parameter is set. It should be noted that only data of type Numeric can be saved as trend data, such as character, log and text can not be saved as trend data.

Store value: monitor how values are saved. There are the following:

As is: do not do any processing, keep the original value.

Delta (speed per second): calculated by the formula (value-prev_value) / (time-prev_time), where value is the current value, prev_value is the previous value, time is the current time, and prev_time is the last time. This setting is very useful for collecting a growing rate per second. It is important to note that if the current value is less than the previous value, Zabbix discards the calculated difference and waits for the next collected value to be calculated. For example, this is set when monitoring port traffic on devices such as switches through SNMP.

Delta (simple change): calculated by the formula (value-prev-value), where value is the current value and prev-value is the previous value.

Show value: map the collected monitoring item data. The original value will not be changed after the value mapping, just the interface display has changed. Only monitor items of integer type are supported. Select As is to keep the original value when value mapping is not required.

Log time format: appears only when Type selects Log, and the following placeholders are supported:

Y:Year (1970-2038)

M:Month (01-12)

D:Day (01-31)

H:Hour (00-23)

M:Minute (00-59)

S:Second (00-59)

If timestamp is null, no parsing will be done.

For example, there is a line in the Zabbix agent log file that reads: 23480 Zabbix agent started 20100328 Zabbix agent started 154718.045. Zabbix 1.8.2 (revision 11211). The first six characters are PID, followed by date, time, and other content, so the time format of this line of Log is pppppp:yyyyMMdd:hhmmss. Here p and: are just placeholders and can be in any format except yMdhms.

New application: sets the name of the new monitor group. When you create a monitor item, you can also create a monitor item group.

Application: connect monitor items to one or more existing monitor item groups.

Populates host inventory field: when Host inventory is set to Automatic in the host, the value of this monitoring item is automatically pushed to the selected inventroy field.

Description: the description of the monitoring item.

Enabled: check to enable this monitoring item.

Update monitoring items

In the Items page (Configuration-- > Hosts-- > Items or Configuration-- > Templates-- > Items) list, click the name of the monitoring item that you want to update the configuration in the Name column, go to the monitoring item configuration interface to modify the configuration parameters, and then click the Update button at the bottom of the page to save.

If you need to update multiple monitoring items, Zabbix provides us with a batch update function. When you select multiple monitoring items from the list, click the Mass update button at the bottom left of the page to update in batches. Click the Update button to save when you finish the update.

6.8 Clone monitoring items

When configuring monitoring items in the host, sometimes when adding monitoring items, the configuration of each monitoring item is basically the same, but there are a large number of monitoring items. In this case, we can first create the latter monitoring item, and then clone this monitoring item.

When you need to clone a monitoring item, you first need to open the configuration page of the monitoring item. At the bottom left of the page, you will see the Clone button. After clicking the Clone button, a new configuration page of the monitoring item will appear. All the parameters in this configuration page are already configured in the original monitoring item. You should at least modify the configuration of the monitoring item Key. In the host, the name of the monitoring item can be the same, but the Key must be unique. Click the Add button to add monitoring items after the modification is completed.

6.9 copy monitoring items

Monitoring items in one host can be copied to another host, template, or host group. Select the monitoring items to be copied from the list of monitoring items in the host, then click the Copy button, select the corresponding target type (host group, host or template) and target according to your needs, and click the Copy button to complete the copy of the monitoring items. As shown in figure 6-8 below.

Figure 6-8

Copy the monitor configuration is exactly the same, you do not have the opportunity to modify the configuration during the replication process, unlike cloning, you can modify the configuration during the cloning process.

6.10 clear historical data of monitoring items

When you want to clear the history and trend data of certain monitoring items, you can select the corresponding monitoring item in the list of monitoring items on the host, and then click the Clear history button. The page will pop up to confirm whether to delete the historical data, and click the OK button to complete the deletion. This is shown in figure 6-9 below.

Figure 6-9

6.11 filter monitoring items

In the actual environment, there will be a lot of monitoring items on some hosts. When operating on a monitoring item in the list of monitoring items of the host, it can be filtered through Filter to locate quickly. When setting filtering conditions, you can use host, group, monitoring item name, monitoring item Key, type, status, etc., to filter the combined conditions. As shown in figure 6-10 below.

Figure 6-10

6.12 Delete monitoring items

Select the monitoring items to be deleted in the list of monitoring items of the host, and click the Delete button to delete the selected monitoring items and their historical data. In practice, it is recommended that you first set the monitoring item to be disabled and do not delete it directly.

This article is from http://ustogether.blog.51cto.com/8236854/1925780. If you need to reprint it, please contact the author.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.