|
|
| Subject: | Help with transform |
| Author: | [Not Specified] |
| Posted: | 2014-04-18 10:55 |
I have a transform for in SNMP trap that will show me the outbound queue of our barracuda with the message count as part of the summary line. The problem is that when the message count changes a new event is created versus updating the existing. Does anyone have an idea how I can handle this Perhaps as part of the transform I can clear previous alarms then write the new trap
Here is what I currently have:
if evt. eventClassKey == "barracuda.2.1.9":
evt.summary = "Outbound mail queue is high" + str (getattr(evt, "barracuda"))
evt.message = "Outbound mail queue is high - " + str (getattr(evt, "barracuda"))
evt.component = str (getattr(evt, "device_title"))
| Subject: | evt.dedupid |
| Author: | Jan Garaj |
| Posted: | 2014-04-20 16:37 |
You have a problem with deduplication. Keep in mind, that event summary is a part of event.dedupid.
The simplest solution is keeping the summary always the same "Outbound mail queue is high" and current queue value will be available only in message. In this case you event will be deduplicated correctly = it will increase only counter of current event.
You can also try to setup your own dedupid in event transformation (if you want to keep value in summary), but I'm not sure if it's possible.
Devops Monitoring Expert advice:
Dockerize/automate/monitor all the things.
DevOps stack:
Docker / Kubernetes / Mesos / Zabbix / Zenoss / Grafana / Puppet / Ansible / Vagrant / Terraform /
Elasticsearch
| < |
Previous many processes running python command in Zenoss server |
Next Daemon heartbeat failure every 12 hours |
> |