Thanks a lot for this session, I'm not sure if anyone will answer questions here but it worth a try. I'm using trigger dependencies to have only one alert per site, for example if core switch is down I only get alert for that not for every device attached to it, my question is what is the difference between trigger dependencies and correlation ?
i am also trying to undestand the nuances between all these different methods. I have a similar case to yours and am wondering whether we could use a similar approach to the one in the video, but not relying on the "green/red" interface status logic, but more on whether an actual trigger has fired or not. so the core idea is essentially: * create a virtual "site" host * assign some sort of priority list to specific kind of triggers (maybe by using some tags) --> this will require a javascript dependent item, like in the video above, and also the use of trigger tags (the first kind of event correlation i believe) * create a trigger rule in the "site host" to send out aggregated alert messages Now, i still believe that this logic has some flaws, for example what if we want only send alert messages when the problem "priority" increases, e.g. the switch went down 2 hours ago, but now also the firewall did? i thought to use global event correlation based on tags and problem severity, but it seems like one cannot check the severity level in the global even correlation conditions, so i am kind of stuck ... do you mind creating a post on the zabbix forum Hesham ? we can discuss it over there
Thanks a lot for this session, I'm not sure if anyone will answer questions here but it worth a try.
I'm using trigger dependencies to have only one alert per site, for example if core switch is down I only get alert for that not for every device attached to it, my question is what is the difference between trigger dependencies and correlation ?
i am also trying to undestand the nuances between all these different methods. I have a similar case to yours and am wondering whether we could use a similar approach to the one in the video, but not relying on the "green/red" interface status logic, but more on whether an actual trigger has fired or not.
so the core idea is essentially:
* create a virtual "site" host
* assign some sort of priority list to specific kind of triggers (maybe by using some tags) --> this will require a javascript dependent item, like in the video above, and also the use of trigger tags (the first kind of event correlation i believe)
* create a trigger rule in the "site host" to send out aggregated alert messages
Now, i still believe that this logic has some flaws, for example what if we want only send alert messages when the problem "priority" increases, e.g. the switch went down 2 hours ago, but now also the firewall did?
i thought to use global event correlation based on tags and problem severity, but it seems like one cannot check the severity level in the global even correlation conditions, so i am kind of stuck ...
do you mind creating a post on the zabbix forum Hesham ? we can discuss it over there