This site is in read only mode. Please continue to browse, but replying, likes, and other actions are disabled for now.

⚠️ We've moved!

Hi there!

To reduce project dependency on 3rd party paid services the StackStorm TSC has decided to move the Q/A from this forum to Github Discussions. This will make user experience better integrated with the native Github flow, as well as the questions closer to the community where they can provide answers.

Use 🔗 Github Discussions to ask your questions.

Zabbix trigger, how to pull parameters out of the payload

I’m in the process of learning StackStorm and building a small proof of concept that takes a trigger from Zabbix and runs an action to restart a service on a Windows server.

I’d like some help in figuring out how to take a parameter from the following alert_message and use that as an option in a rule.
Specifically I’m looking to take the hostname and event id out of the message text.

Thanks.

+-----------------+--------------------------------------------------------------+
| Property        | Value                                                        |
+-----------------+--------------------------------------------------------------+
| id              | 5cc854319a6fe026884e44df                                     |
| trigger         | zabbix.event_handler                                         |
| occurrence_time | 2019-04-30T23:57:05.000000Z                                  |
| payload         | {                                                            |
|                 |     "alert_sendto": "Admin",                                 |
|                 |     "extra_args": [],                                        |
|                 |     "alert_message": "{"items": [{"value": "99 %", "host":   |
|                 | "DC1", "name": "#3: CPU utilization", "key":                 |
|                 | "system.cpu.util[hrProcessorLoad.3]"}, {"value":             |
|                 | "*UNKNOWN*", "host": "*UNKNOWN*", "name": "*UNKNOWN*",       |
|                 | "key": "*UNKNOWN*"}, {"value": "*UNKNOWN*", "host":          |
|                 | "*UNKNOWN*", "name": "*UNKNOWN*", "key": "*UNKNOWN*"},       |
|                 | {"value": "*UNKNOWN*", "host": "*UNKNOWN*", "name":          |
|                 | "*UNKNOWN*", "key": "*UNKNOWN*"}, {"value": "*UNKNOWN*",     |
|                 | "host": "*UNKNOWN*", "name": "*UNKNOWN*", "key":             |
|                 | "*UNKNOWN*"}, {"value": "*UNKNOWN*", "host": "*UNKNOWN*",    |
|                 | "name": "*UNKNOWN*", "key": "*UNKNOWN*"}, {"value":          |
|                 | "*UNKNOWN*", "host": "*UNKNOWN*", "name": "*UNKNOWN*",       |
|                 | "key": "*UNKNOWN*"}, {"value": "*UNKNOWN*", "host":          |
|                 | "*UNKNOWN*", "name": "*UNKNOWN*", "key": "*UNKNOWN*"}],      |
|                 | "trigger": {"status": "PROBLEM", "id": "15970", "name": "#3: |
|                 | High CPU utilization"}, "event": {"id": "1120", "time":      |
|                 | "23:57:03"}}",                                               |
|                 |     "alert_subject": "PROBLEM: #3: High CPU utilization"     |
|                 | }                                                            |
| status          | processed                                                    |
+-----------------+--------------------------------------------------------------+

Take a look at Rules — StackStorm 3.0.0 documentation and examples about how to work with the payload.

What did you try already to extract needed data from the payload (for example payload.alert_message.event)?
How your rule looks like?