Zabbix DB:事件如何链接到主机
Zabbix DB: how events linked to hosts
我想通过 2 个监控系统创建自定义事件报告。
我知道 Zabbix API,但想想
如果我通过 API 请求数据,那么如果我直接对数据库 Zabbix 执行查询,性能将不一样。
我找到了一个 table,其中包含有关事件的信息,
SELECT eventid, source, object, objectid, clock, value, acknowledged, ns
FROM zabbix.events
找到 zabbix.hosts 和 zabbix.host_inventory。
zabbix.events
如何链接到 zabbix.hosts
?
数据库模式没有正式记录,但您可以找到一些社区资源 - http://zabbix.org/wiki/Database_Schemas。请记住这是 2.4.3 版本。这可能足以为您的案例找到关系。
objectid
对于触发器事件 (source=0
) 是触发器 ID,触发器 ID 又具有函数 ID,函数 ID 又具有项目 ID,项目 ID 又具有主机 ID。
您可以在 Zabbix 共享上查看此 link:
https://share.zabbix.com/databases/mysql/zabbix-database-model
Alain 对每个新版本的更新都非常快,如果您想进行一些 SQL 查询,这是必备的。
信息确实在此 select 中编译:
SELECT * FROM events
JOIN triggers ON events.objectid = triggers.triggerid
JOIN functions ON functions.triggerid = triggers.triggerid
JOIN items ON items.itemid = functions.itemid
JOIN hosts ON items.hostid = hosts.hostid
WHERE events.source = 0
AND
LOWER(hosts.host) like 'mysql%'
AND events.clock>=unix_timestamp('2017-09-25 09:55:00')
AND events.clock<=unix_timestamp('2017-09-25 11:00:00')
ORDER BY events.clock DESC
;
这是我针对 zabbix 数据库 运行 创建的查询。它加入主机和主机组,然后离开加入已确认或未确认的事件。一旦一个事件被解决,它就会放弃这个查询。它拉取已启用或无法访问的主机。
select
h.name as hostname,
h.status as hoststatus,
g.name as groupname,
hi.alias as hostalias,
hi.location as hostlocation,
hi.os as hostos,
dt.idescription as itemdescription,
dt.ikey as itemkey_,
dt.iname as itemname,
dt.hsurl as httpstepurl,
dt.hsname as httpstepname,
dt.tcomments as triggercomments,
dt.tdescription as triggerdescription,
dt.tpriority as triggerpriority,
dt.eventclock as eventclock,
dt.eacknowledged as eventacknowledged
from
hosts h
inner join hosts_groups hg on h.hostid=hg.hostid
inner join groups g on hg.groupid = g.groupid
left join host_inventory hi on h.hostid=hi.hostid
LEFT JOIN
(SELECT
i.hostid as ihostid,
i.itemid as iitemid,
i.description as idescription,
i.key_ as ikey,
i.name as iname,
hs.url as hsurl,
hs.name as hsname,
t.description as tdescription,
t.url as turl,
t.comments as tcomments,
t.priority as tpriority,
from_unixtime(e.clock) as eventclock,
e.acknowledged as eacknowledged
from items i
left join functions f on i.itemid = f.itemid
left join triggers t on f.triggerid = t.triggerid
right join events e on t.triggerid = e.objectid
left join httpstepitem hsi on i.itemid = hsi.itemid
left join httpstep hs on hsi.httpstepid = hs.httpstepid
inner join problem p on e.eventid = p.eventid
WHERE
((e.acknowledged='0' AND i.status='0' AND r_clock='0') OR (e.acknowledged='1' AND i.status='0' AND r_clock='0'))
) dt ON h.hostid = dt.ihostid
where (h.status='2' or h.status='0');
我想通过 2 个监控系统创建自定义事件报告。
我知道 Zabbix API,但想想 如果我通过 API 请求数据,那么如果我直接对数据库 Zabbix 执行查询,性能将不一样。
我找到了一个 table,其中包含有关事件的信息,
SELECT eventid, source, object, objectid, clock, value, acknowledged, ns
FROM zabbix.events
找到 zabbix.hosts 和 zabbix.host_inventory。
zabbix.events
如何链接到 zabbix.hosts
?
数据库模式没有正式记录,但您可以找到一些社区资源 - http://zabbix.org/wiki/Database_Schemas。请记住这是 2.4.3 版本。这可能足以为您的案例找到关系。
objectid
对于触发器事件 (source=0
) 是触发器 ID,触发器 ID 又具有函数 ID,函数 ID 又具有项目 ID,项目 ID 又具有主机 ID。
您可以在 Zabbix 共享上查看此 link: https://share.zabbix.com/databases/mysql/zabbix-database-model
Alain 对每个新版本的更新都非常快,如果您想进行一些 SQL 查询,这是必备的。
信息确实在此 select 中编译:
SELECT * FROM events
JOIN triggers ON events.objectid = triggers.triggerid
JOIN functions ON functions.triggerid = triggers.triggerid
JOIN items ON items.itemid = functions.itemid
JOIN hosts ON items.hostid = hosts.hostid
WHERE events.source = 0
AND
LOWER(hosts.host) like 'mysql%'
AND events.clock>=unix_timestamp('2017-09-25 09:55:00')
AND events.clock<=unix_timestamp('2017-09-25 11:00:00')
ORDER BY events.clock DESC
;
这是我针对 zabbix 数据库 运行 创建的查询。它加入主机和主机组,然后离开加入已确认或未确认的事件。一旦一个事件被解决,它就会放弃这个查询。它拉取已启用或无法访问的主机。
select
h.name as hostname,
h.status as hoststatus,
g.name as groupname,
hi.alias as hostalias,
hi.location as hostlocation,
hi.os as hostos,
dt.idescription as itemdescription,
dt.ikey as itemkey_,
dt.iname as itemname,
dt.hsurl as httpstepurl,
dt.hsname as httpstepname,
dt.tcomments as triggercomments,
dt.tdescription as triggerdescription,
dt.tpriority as triggerpriority,
dt.eventclock as eventclock,
dt.eacknowledged as eventacknowledged
from
hosts h
inner join hosts_groups hg on h.hostid=hg.hostid
inner join groups g on hg.groupid = g.groupid
left join host_inventory hi on h.hostid=hi.hostid
LEFT JOIN
(SELECT
i.hostid as ihostid,
i.itemid as iitemid,
i.description as idescription,
i.key_ as ikey,
i.name as iname,
hs.url as hsurl,
hs.name as hsname,
t.description as tdescription,
t.url as turl,
t.comments as tcomments,
t.priority as tpriority,
from_unixtime(e.clock) as eventclock,
e.acknowledged as eacknowledged
from items i
left join functions f on i.itemid = f.itemid
left join triggers t on f.triggerid = t.triggerid
right join events e on t.triggerid = e.objectid
left join httpstepitem hsi on i.itemid = hsi.itemid
left join httpstep hs on hsi.httpstepid = hs.httpstepid
inner join problem p on e.eventid = p.eventid
WHERE
((e.acknowledged='0' AND i.status='0' AND r_clock='0') OR (e.acknowledged='1' AND i.status='0' AND r_clock='0'))
) dt ON h.hostid = dt.ihostid
where (h.status='2' or h.status='0');