早上一到公司,研发就提出查看昨天晚上的历史告警。
得了,干活儿吧
思路就是进入zabbix数据库,通过查询alerts表得到数据。 先看下alerts表的字段:
MariaDB [zabbix]> desc alerts;
+---------------+---------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+---------------+---------------------+------+-----+---------+-------+
| alertid | bigint(20) unsigned | NO | PRI | NULL | |
| actionid | bigint(20) unsigned | NO | MUL | NULL | |
| eventid | bigint(20) unsigned | NO | MUL | NULL | |
| userid | bigint(20) unsigned | YES | MUL | NULL | |
| clock | int(11) | NO | MUL | 0 | |
| mediatypeid | bigint(20) unsigned | YES | MUL | NULL | |
| sendto | varchar(1024) | NO | | | |
| subject | varchar(255) | NO | | | |
| message | text | NO | | NULL | |
| status | int(11) | NO | MUL | 0 | |
| retries | int(11) | NO | | 0 | |
| error | varchar(2048) | NO | | | |
| esc_step | int(11) | NO | | 0 | |
| alerttype | int(11) | NO | | 0 | |
| p_eventid | bigint(20) unsigned | YES | MUL | NULL | |
| acknowledgeid | bigint(20) unsigned | YES | MUL | NULL | |
| parameters | text | NO | | NULL | |
+---------------+---------------------+------+-----+---------+-------+
17 rows in set (0.00 sec)
我只需要告警主题subject和告警信息message两个字段就可以了。
select subject,message from alerts where subject LIKE "%High ICMP ping%" and message LIKE "%老师媒体%" limit 300;
Problem: High ICMP ping response time | 故障告警----服务器: { 49667_BGP_北京老师媒体490_阿里. } 发生 :High ICMP ping response time故障!
告警主机: { 49667_BGP_北京老师媒体490_阿里. }
主机地址: 59.110.12.72
告警等级: Warning
告警信息: High ICMP ping response time
告警项目: icmppingsec
ICMP response time:248ms
告警时间: 2022.04.01 19:50:49
当前状态: PROBLEM
导出结果,用shell命令把结果过滤就行了,完事儿~。~
