轉自:http://blog.51cto.com/szgb17/1888611
1.zabbix表關係
2.hosts
hostid,host(包括模板)
hostid:每臺主機唯一id標識;host:主機名;status:主機狀態標識(爲0則是你要找的主機,3表示的貌似是模板主機)
3.groups
groupid,name
4.hosts_groups
hosts,groups
5.items
hostid,itemid
items表則記錄着沒臺主機所有圖形項目(比如一個網卡圖,有流入和流出兩根線,則這張圖就有兩個item)。字段說明,itemid是每個繪圖項目唯一標識,hostid每個主機的標識,name每個item的名字,delay數據採集間隔,history歷史數據保存時間,status標識item的狀態(0表示正常顯示的item),units保存item的單位
6.graphs_items
gitemid,graphid,itemid
關聯着每幅圖的item和圖形id,簡單的說就是告訴我們每臺主機有多少幅圖及每幅圖上有哪些item
7.graphs
graphid
8.history,history_text,history_uint
itemid
9.trends,trends_uint
itemid
分割線
-------------------------------------------------
10.actions
actionid,
actions表記錄了當觸發器觸發時,需要採用的動作
11.alerts
alerts 表保存了歷史的告警事件,可以從這個表裏面去做一些統計分析,例如某個部門、 某人、某類時間的告警統計,以及更深入的故障發生、恢復時間,看你想怎麼用了。
alertid,actionid,eventid,userid
12.functions
itemid,triggerid
function 表時非常重要的一個表了,記錄了trigger中使用的表達式,例如max、last、nodata等函數。
13.trigger_discovery
triggerid,parent_triggerid
案例
zabbix如何批量更新錯誤圖表 2014/06
http://www.furion.info/654.html
graphs_sql = " select graphid , name from graphs where name like '%端口隊列發包量' "
#獲取graphid
items_sql = " select i.hostid ,g.gitemid,i.itemid ,i.description from items as i left join graphs_items g on i.itemid = g.itemid where g.graphid= %s" % graphid
#獲取hostid,itemid
new_itemid_sql = "select hostid ,itemid,description from items where hostid=%d and description='%s'" %(hostid, description_new)
#獲取正確的itemid
sql_update = "update graphs_items set itemid=%d where graphid = %d and gitemid=%d " %(itemid_new,graphid, gitemid)
#利用更新錯的數據,更新正確的itemid
四個sql語句搞定
2.zabbix批量更新主機關聯的模板
http://www.furion.info/703.html
get_host_template
sql = 'select ht.templateid from hosts_templates ht, hosts h where h.hostid = ht.hostid and h.hostid=%s' %(hostid)
或者template.get
涉及兩個表 hosts_templates和hosts
3.19vs30,其實items都會有,這樣的查詢是錯誤的。
select t1.* from hosts_templates t1 where t1.hostid in(
select ii.hostid from items ii where ii.`name` like '%GC%'
and ii.hostid IN (select htt.hostid from hosts_templates htt where htt.templateid='10143') GROUP BY ii.hostid
) GROUP BY t1.hostid
比如你想查找出那些有應用模板但是沒有items的主機,那些是有故障的
-
找出hostid
select htt.hostid from hosts_templates htt where htt.templateid='10143' and htt.hostid not in (
select ii.hostid from items ii where ii.`name` like '%tomcat%'
and ii.hostid IN (select htt.hostid from hosts_templates htt where htt.templateid='10143') GROUP BY ii.hostid
) group by htt.hostid
2.然後與hosts表連接
select * from hosts kk where kk.hostid in (
select htt.hostid from hosts_templates htt where htt.templateid='10143' and htt.hostid not in (
select ii.hostid from items ii where ii.`name` like '%tomcat%'
and ii.hostid IN (select htt.hostid from hosts_templates htt where htt.templateid='10143') GROUP BY ii.hostid
) group by htt.hostid
)
4.查詢不支持的項目select status,itemid,hostid,name,key_ from items where status=1;
總之,zabbix表關係設計的很好。多餘的字段也會顯示是否故障,比如類似status字段。
問題
1.自動發現規則的表是哪張
2.到主機,可以定位哪些主機的值更新存在異常(比unreachable的報警更加準確)
更新
zabbix 表結構
hosts->hostid->templateid
hosts表
hostid host 1v1關係
hosts_templates
hostid templateid 多v1關係
alerts表是記錄已經發送郵件的記錄
所以界面上是從哪個表取出來的。
events
SELECT * FROM information_schema.`KEY_COLUMN_USAGE`
WHERE referenced_table_name='events'
因爲zabbix有很多外鍵,所以說這個設計很不錯。尤其要注意子表與主表的關聯,比如events
所以分析zabbix表結構,首先從外鍵看起,誰的外鍵多,誰就是主表,那麼就是源頭了。
events acknowledged
select * from events where eventid='4516146';
eventid source object objectid clock value acknowledged ns
4516146 0 0 13791 1470815425 1 1 125453205
5 3 0 13477 1465962284 1 0 97450859
hosts.hostid->hosts_groups.hostid
hosts_groups.groupid->groups.groupid
hosts.hostid->items.hostid
items.itemid->functions.itemid
functions.triggerid->triggers.triggerid
triggers.triggerid->events.objectid
functionid itemid triggerid function parameter
10199 10019 10016 diff 0
{functionid}>100 意味着itemid(10019)的values>100
意思就是items的值關聯function方式,然後triggers是否爲1還是0(正常)
sql語法1:
select ht.templateid from hosts_templates ht, hosts h where h.hostid = ht.hostid
-- and h.hostid = '10084';
解析 hosts的hostid去匹配hosts_templates,所以記錄總數爲hosts_templates,有重複.
sql語法2: 找出那些有應用模板但是沒有items的主機,那些是有故障的
select * from hosts where hostid in
(
SELECT
htt.hostid
FROM
hosts_templates htt
WHERE
htt.templateid = '10143'
AND htt.hostid NOT IN (
SELECT
ii.hostid
FROM
items ii
WHERE
ii.`name` LIKE '%tomcat%'
AND ii.hostid IN (
SELECT
htt.hostid
FROM
hosts_templates htt
WHERE
htt.templateid = '10143'
)
GROUP BY
ii.hostid
)
GROUP BY
htt.hostid
)
sql語法3:查看items中停用的項目
SELECT
b. HOST,
a.itemid,
a.hostid,
a. NAME,
a.key_
FROM
items a,
HOSTS b
WHERE
b.hostid = a.hostid
AND a. STATUS = 1
sql語法4:
create table tmp1 as
(SELECT
`hosts`.`host`,
`triggers`.triggerid,
`triggers`.description,
`triggers`.priority,
`events`.`value`,
FROM_UNIXTIME(`events`.clock) time
FROM
`hosts`,
`triggers`,
`events`,
`items`,
`functions`,
`groups`,
`hosts_groups`
WHERE
`hosts`.hostid = `hosts_groups`.hostid
AND `hosts_groups`.groupid = `groups`.groupid
AND `triggers`.triggerid = `events`.objectid
AND `hosts`.hostid = `items`.hostid
AND `items`.itemid = `functions`.itemid
AND `functions`.triggerid = `triggers`.triggerid);
--告警數據 alter表
select FROM_UNIXTIME(clock),sendto,`subject` from alerts
-- where `subject` like '%磁盤%' and
where DATE_FORMAT(FROM_UNIXTIME(clock),'%Y-%m-%d') = DATE_FORMAT(NOW(),'%Y-%m-%d');
select FROM_UNIXTIME(clock),hh.* from alerts hh where status != 1
and TO_DAYS(NOW()) - TO_DAYS(FROM_UNIXTIME(clock)) < 365;
select FROM_UNIXTIME(clock),hh.* from alerts hh where status != 1
and DATE_FORMAT(NOW(),'%Y-%m-%d') - DATE_FORMAT(FROM_UNIXTIME(clock),'%Y-%m-%d') < 30;
events
select FROM_UNIXTIME(h.clock),h.subject,FROM_UNIXTIME(f.clock),f.* from events f,
(select clock,`subject`,eventid from alerts
where DATE_FORMAT(FROM_UNIXTIME(clock),'%Y-%m-%d') = DATE_FORMAT(NOW(),'%Y-%m-%d')
) as h
where f.eventid = h.eventid
(32723
select * from functions where itemid = '32723'
15497
select * from `triggers` where triggerid = '15497';
select * from `events`
select 1504618584
select from_unixtime(1504618584,'%Y%m%d %H:%i:%S')) 得到的時間爲20170905 21:36:24
select from_unixtime(tt.clock,'%Y%m%d %H:%i:%S'),tt.* from events tt
where eventid in (
select * from alerts order by from_unixtime(clock,'%Y%m%d %H:%i:%S') desc)
order by eventid desc limit 1,5000
hosts
hostid 是ip和模板
select i.itemid,h.host from items i,hosts h where i.hostid=h.hostid and h.host='xxxx' and i.name in ('regionserver writeRequestsCount','regionserver requests');
詳細步驟
select * from hosts where host='192.1.1.206'; hostid
select * from items where hostid='10084';
select * from items where hostid='10084' and name like '%war%'; itemid
總體
hosts,items 聯合查詢itemid,然後通過itemid到history_unit查詢更新記錄
報警trigger條件,記錄到triggers表中,然後符合條件的過濾到alerts,就會發送出去
主屏幕最近20個問題,表示的是獲取到的值一直沒有改變。去striggers查詢
如果一直沒發郵件出去,那麼就會掛在web界面上,然後即使你action了,也不會去從數據庫執行那套操作。就會一直掛着,除非你改變狀態。
問題
1.爲什麼在主屏幕上顯示,而不是發送郵件。
triggers表,alters表沒有數據
CREATE TABLE `triggers` (
`triggerid` bigint(20) unsigned NOT NULL,
`expression` varchar(2048) NOT NULL DEFAULT '',
`description` varchar(255) NOT NULL DEFAULT '',
`url` varchar(255) NOT NULL DEFAULT '',
`status` int(11) NOT NULL DEFAULT '0',
`value` int(11) NOT NULL DEFAULT '0',
`priority` int(11) NOT NULL DEFAULT '0',
`lastchange` int(11) NOT NULL DEFAULT '0',
`comments` text NOT NULL,
`error` varchar(128) NOT NULL DEFAULT '',
`templateid` bigint(20) unsigned DEFAULT NULL,
`type` int(11) NOT NULL DEFAULT '0',
`state` int(11) NOT NULL DEFAULT '0',
`flags` int(11) NOT NULL DEFAULT '0',
PRIMARY KEY (`triggerid`),
KEY `triggers_1` (`status`),
KEY `triggers_2` (`value`,`lastchange`),
KEY `triggers_3` (`templateid`),
CONSTRAINT `c_triggers_1` FOREIGN KEY (`templateid`) REFERENCES `triggers` (`triggerid`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;