按相关对象和主机名过滤 zabbix 事件
Filter zabbix events by related object and host name
我正在尝试使用 event.get 方法来 select 最近发生的事件,并通过相关对象描述和主机名过滤它们。
示例请求(没有主机名和相关对象描述过滤器)
{
"jsonrpc": "2.0",
"method": "event.get",
"params": {
"time_from": "1518016133",
"filter": {
"value": 1
},
"selectRelatedObject": ["description"],
"selectHost": ["name"]
},
"id": 2,
"auth": "474aeddd05bb5e5f7fc0e7267fbd2sd6"
}
示例响应
{
"jsonrpc": "2.0",
"result": [
{
"eventid": "24397263",
"source": "0",
"object": "0",
"objectid": "98218",
"clock": "1518016248",
"value": "1",
"acknowledged": "0",
"ns": "850595734",
"hosts": [
{
"hostid": "11513",
"name": "OS-1-LIVE"
}
],
"relatedObject": {
"triggerid": "98218",
"description": "No response"
}
}
],
"id": 2
}
我尝试将以下内容添加到过滤器块(一次一个)
"hosts.name": "TEST"
"hosts[name]": "TEST"
"selectHosts.name": "TEST"
"selectHosts[name]": "TEST"
"relatedObject.description": "TEST"
但其中 none 有效。 (所有结果仍然返回)
是否可以按相关对象和主机名过滤事件?
Zabbix API 版本 3.0.14
经过更多研究后编辑。
event.get的参数仅适用于event object:您可以过滤value、acknowleged、hostids、groupids等,但不能使用它按主机名过滤输出。
您可以使用 hostids 参数(参见 API),但您必须先调用 API 将目标主机名转换为主机 ID。
或者您可以仅使用 selectHosts = 'extend'
,这将 return 一个时间范围内具有完整详细信息的事件和主机列表,然后迭代结果并按您的条件进行过滤。
第一个需要更多 API 个调用,但我认为它更优雅。第二个将 return 特定时间范围内所有主机的所有事件,然后您必须过滤掉所有不需要的事件。
Python 带 hostids 过滤的示例:
hostId = zapi.get_id('host', item="TEST host name")
eventObj = zapi.event.get(time_from=1515771918, hostids=hostId, value="1", selectHosts='extend')
for event in eventObj:
for host in event['hosts']:
# filter by host['description'] or any other host value
Python 没有 hostids 过滤的样本:
eventObj = zapi.event.get(time_from=1515771918, value="1", selectHosts='extend')
for event in eventObj:
for host in event['hosts']:
# filter by host['name'] or host['description'] or any other host value
在这两种情况下,扩展输出将为每个事件提供完整的主机信息:
[
{
"acknowledged": "0",
"c_eventid": "0",
"clock": "1515773211",
"correlationid": "0",
"eventid": "2738610",
"hosts": [
{
"available": "0",
"description": "Host description",
"disable_until": "0",
"error": "",
"errors_from": "0",
"flags": "0",
"host": "192.168.1.1",
"hostid": "10283",
"ipmi_authtype": "-1",
"ipmi_available": "0",
"ipmi_disable_until": "0",
"ipmi_error": "",
"ipmi_errors_from": "0",
"ipmi_password": "",
"ipmi_privilege": "2",
"ipmi_username": "",
"jmx_available": "0",
"jmx_disable_until": "0",
"jmx_error": "",
"jmx_errors_from": "0",
"lastaccess": "0",
"maintenance_from": "0",
"maintenance_status": "0",
"maintenance_type": "0",
"maintenanceid": "0",
"name": "Your device name or hostname",
"proxy_hostid": "0",
"snmp_available": "1",
"snmp_disable_until": "0",
"snmp_error": "",
"snmp_errors_from": "0",
"status": "0",
"templateid": "0",
"tls_accept": "1",
"tls_connect": "1",
"tls_issuer": "",
"tls_psk": "",
"tls_psk_identity": "",
"tls_subject": ""
}
],
"ns": "259800604",
"object": "0",
"objectid": "15177",
"r_eventid": "2738613",
"source": "0",
"userid": "0",
"value": "1"
},
-- other events --
]
您可以使用 selectHosts 来限制检索的值,方法是使用属性数组代替 'extend':
eventObj = zapi.event.get(time_from=1515771918, hostids=hostId, value="1", selectHosts=['description', 'status', 'host'])
此请求将 return 具有此主机格式的事件:
{
"acknowledged": "0",
"c_eventid": "0",
"clock": "1516502139",
"correlationid": "0",
"eventid": "2768212",
"hosts": [
{
"description": "Test server for API experiments",
"host": "Test Server",
"hostid": "10270",
"status": "0"
}
],
"ns": "536030065",
"object": "0",
"objectid": "14920",
"r_eventid": "0",
"source": "0",
"userid": "0",
"value": "1"
},
"""
Shows a list of all current issues (AKA tripped triggers)
"""
from datetime import datetime
import time
from pyzabbix import ZabbixAPI
# The hostname at which the Zabbix web interface is available
ZABBIX_SERVER = 'http://192.168.***.***/zabbix'
zapi = ZabbixAPI(ZABBIX_SERVER)
# Login to the Zabbix API
zapi.login('***', '***')
# Get a list of all issues (AKA tripped triggers)
triggers = zapi.trigger.get(only_true=1,
skipDependent=1,
monitored=1,
active=1,
filter={"value": 1},
output='extend',
expandDescription=1,
selectHosts=['name'],
sortfield=['lastchange'],
sortorder='ASC',
)
# Do another query to find out which issues are Unacknowledged
unack_triggers = zapi.trigger.get(only_true=1,
skipDependent=1,
monitored=1,
active=1,
output='extend',
expandDescription=1,
selectHosts=['host'],
withLastEventUnacknowledged=1,
)
def seconds_to_dhms(time):
seconds_to_minute = 60
seconds_to_hour = 60 * seconds_to_minute
seconds_to_day = 24 * seconds_to_hour
seconds_to_month = 30 * seconds_to_day
seconds_to_year = 12 * seconds_to_month
years = time // seconds_to_year
time %= seconds_to_year
month = time // seconds_to_month
time %= seconds_to_month
days = time // seconds_to_day
time %= seconds_to_day
hours = time // seconds_to_hour
time %= seconds_to_hour
minutes = time // seconds_to_minute
time %= seconds_to_minute
seconds = time
if (seconds >= 0) and (minutes == 0) and (hours == 0) and (days == 0) and (month == 0) and (years == 0):
return("%d seconds" % (seconds))
elif (seconds >= 0) and (minutes >= 1) and (hours == 0) and (days == 0) and (month == 0) and (years == 0):
return("%d minutes : %d seconds" % (minutes, seconds))
elif (seconds >= 0) and (minutes >= 0) and (hours >= 1) and (days == 0) and (month == 0) and (years == 0):
return("%d hours : %d minutes" % (hours, minutes))
elif (seconds >= 0) and (minutes >= 0) and (hours >= 0) and (days >= 1) and (month == 0) and (years == 0):
return("%d days : %d hours" % (days, hours))
elif (seconds >= 0) and (minutes >= 0) and (hours >= 0) and (days >= 0) and (month >= 1) and (years == 0):
return("%d month : %d days" % (month, days))
elif (seconds >= 0) and (minutes >= 0) and (hours >= 0) and (days >= 0) and (month >= 0) and (years >= 1):
return("%d year : %d month" % (years, month))
else:
return("%dm:%dd:%dh:%dm:%ds" % (month, days, hours, minutes, seconds))
# Print a list containing only "tripped" triggers
for t in triggers:
if int(t['value']) == 1:
time_period=int(time.mktime(datetime.now().timetuple())) - int(t['lastchange'])
hostss=zapi.host.get(hostids=t['hosts'][0]['hostid'], output = ['hostid','host','name'], selectInterfaces=['ip','port','dns'])
for i in hostss:
print("-----")
print("{0}\n{1}\n{2}\n{3}".format(t['hosts'][0]['name'],i['interfaces'][0]['ip'], t['description'], seconds_to_dhms(time_period)))
我正在尝试使用 event.get 方法来 select 最近发生的事件,并通过相关对象描述和主机名过滤它们。
示例请求(没有主机名和相关对象描述过滤器)
{
"jsonrpc": "2.0",
"method": "event.get",
"params": {
"time_from": "1518016133",
"filter": {
"value": 1
},
"selectRelatedObject": ["description"],
"selectHost": ["name"]
},
"id": 2,
"auth": "474aeddd05bb5e5f7fc0e7267fbd2sd6"
}
示例响应
{
"jsonrpc": "2.0",
"result": [
{
"eventid": "24397263",
"source": "0",
"object": "0",
"objectid": "98218",
"clock": "1518016248",
"value": "1",
"acknowledged": "0",
"ns": "850595734",
"hosts": [
{
"hostid": "11513",
"name": "OS-1-LIVE"
}
],
"relatedObject": {
"triggerid": "98218",
"description": "No response"
}
}
],
"id": 2
}
我尝试将以下内容添加到过滤器块(一次一个)
"hosts.name": "TEST"
"hosts[name]": "TEST"
"selectHosts.name": "TEST"
"selectHosts[name]": "TEST"
"relatedObject.description": "TEST"
但其中 none 有效。 (所有结果仍然返回)
是否可以按相关对象和主机名过滤事件?
Zabbix API 版本 3.0.14
经过更多研究后编辑。
event.get的参数仅适用于event object:您可以过滤value、acknowleged、hostids、groupids等,但不能使用它按主机名过滤输出。
您可以使用 hostids 参数(参见 API),但您必须先调用 API 将目标主机名转换为主机 ID。
或者您可以仅使用 selectHosts = 'extend'
,这将 return 一个时间范围内具有完整详细信息的事件和主机列表,然后迭代结果并按您的条件进行过滤。
第一个需要更多 API 个调用,但我认为它更优雅。第二个将 return 特定时间范围内所有主机的所有事件,然后您必须过滤掉所有不需要的事件。
Python 带 hostids 过滤的示例:
hostId = zapi.get_id('host', item="TEST host name")
eventObj = zapi.event.get(time_from=1515771918, hostids=hostId, value="1", selectHosts='extend')
for event in eventObj:
for host in event['hosts']:
# filter by host['description'] or any other host value
Python 没有 hostids 过滤的样本:
eventObj = zapi.event.get(time_from=1515771918, value="1", selectHosts='extend')
for event in eventObj:
for host in event['hosts']:
# filter by host['name'] or host['description'] or any other host value
在这两种情况下,扩展输出将为每个事件提供完整的主机信息:
[
{
"acknowledged": "0",
"c_eventid": "0",
"clock": "1515773211",
"correlationid": "0",
"eventid": "2738610",
"hosts": [
{
"available": "0",
"description": "Host description",
"disable_until": "0",
"error": "",
"errors_from": "0",
"flags": "0",
"host": "192.168.1.1",
"hostid": "10283",
"ipmi_authtype": "-1",
"ipmi_available": "0",
"ipmi_disable_until": "0",
"ipmi_error": "",
"ipmi_errors_from": "0",
"ipmi_password": "",
"ipmi_privilege": "2",
"ipmi_username": "",
"jmx_available": "0",
"jmx_disable_until": "0",
"jmx_error": "",
"jmx_errors_from": "0",
"lastaccess": "0",
"maintenance_from": "0",
"maintenance_status": "0",
"maintenance_type": "0",
"maintenanceid": "0",
"name": "Your device name or hostname",
"proxy_hostid": "0",
"snmp_available": "1",
"snmp_disable_until": "0",
"snmp_error": "",
"snmp_errors_from": "0",
"status": "0",
"templateid": "0",
"tls_accept": "1",
"tls_connect": "1",
"tls_issuer": "",
"tls_psk": "",
"tls_psk_identity": "",
"tls_subject": ""
}
],
"ns": "259800604",
"object": "0",
"objectid": "15177",
"r_eventid": "2738613",
"source": "0",
"userid": "0",
"value": "1"
},
-- other events --
]
您可以使用 selectHosts 来限制检索的值,方法是使用属性数组代替 'extend':
eventObj = zapi.event.get(time_from=1515771918, hostids=hostId, value="1", selectHosts=['description', 'status', 'host'])
此请求将 return 具有此主机格式的事件:
{
"acknowledged": "0",
"c_eventid": "0",
"clock": "1516502139",
"correlationid": "0",
"eventid": "2768212",
"hosts": [
{
"description": "Test server for API experiments",
"host": "Test Server",
"hostid": "10270",
"status": "0"
}
],
"ns": "536030065",
"object": "0",
"objectid": "14920",
"r_eventid": "0",
"source": "0",
"userid": "0",
"value": "1"
},
"""
Shows a list of all current issues (AKA tripped triggers)
"""
from datetime import datetime
import time
from pyzabbix import ZabbixAPI
# The hostname at which the Zabbix web interface is available
ZABBIX_SERVER = 'http://192.168.***.***/zabbix'
zapi = ZabbixAPI(ZABBIX_SERVER)
# Login to the Zabbix API
zapi.login('***', '***')
# Get a list of all issues (AKA tripped triggers)
triggers = zapi.trigger.get(only_true=1,
skipDependent=1,
monitored=1,
active=1,
filter={"value": 1},
output='extend',
expandDescription=1,
selectHosts=['name'],
sortfield=['lastchange'],
sortorder='ASC',
)
# Do another query to find out which issues are Unacknowledged
unack_triggers = zapi.trigger.get(only_true=1,
skipDependent=1,
monitored=1,
active=1,
output='extend',
expandDescription=1,
selectHosts=['host'],
withLastEventUnacknowledged=1,
)
def seconds_to_dhms(time):
seconds_to_minute = 60
seconds_to_hour = 60 * seconds_to_minute
seconds_to_day = 24 * seconds_to_hour
seconds_to_month = 30 * seconds_to_day
seconds_to_year = 12 * seconds_to_month
years = time // seconds_to_year
time %= seconds_to_year
month = time // seconds_to_month
time %= seconds_to_month
days = time // seconds_to_day
time %= seconds_to_day
hours = time // seconds_to_hour
time %= seconds_to_hour
minutes = time // seconds_to_minute
time %= seconds_to_minute
seconds = time
if (seconds >= 0) and (minutes == 0) and (hours == 0) and (days == 0) and (month == 0) and (years == 0):
return("%d seconds" % (seconds))
elif (seconds >= 0) and (minutes >= 1) and (hours == 0) and (days == 0) and (month == 0) and (years == 0):
return("%d minutes : %d seconds" % (minutes, seconds))
elif (seconds >= 0) and (minutes >= 0) and (hours >= 1) and (days == 0) and (month == 0) and (years == 0):
return("%d hours : %d minutes" % (hours, minutes))
elif (seconds >= 0) and (minutes >= 0) and (hours >= 0) and (days >= 1) and (month == 0) and (years == 0):
return("%d days : %d hours" % (days, hours))
elif (seconds >= 0) and (minutes >= 0) and (hours >= 0) and (days >= 0) and (month >= 1) and (years == 0):
return("%d month : %d days" % (month, days))
elif (seconds >= 0) and (minutes >= 0) and (hours >= 0) and (days >= 0) and (month >= 0) and (years >= 1):
return("%d year : %d month" % (years, month))
else:
return("%dm:%dd:%dh:%dm:%ds" % (month, days, hours, minutes, seconds))
# Print a list containing only "tripped" triggers
for t in triggers:
if int(t['value']) == 1:
time_period=int(time.mktime(datetime.now().timetuple())) - int(t['lastchange'])
hostss=zapi.host.get(hostids=t['hosts'][0]['hostid'], output = ['hostid','host','name'], selectInterfaces=['ip','port','dns'])
for i in hostss:
print("-----")
print("{0}\n{1}\n{2}\n{3}".format(t['hosts'][0]['name'],i['interfaces'][0]['ip'], t['description'], seconds_to_dhms(time_period)))