Zabbix API allows you to quickly access alert information and automate your workflow

Hello,
I'm Mandai, the Wild Team member of the development team.
This time I would like to write about Zabbix's API
This may seem sudden, but do you think APIs are a hassle?
To be honest, I feel the opposite; I find the API much easier.
The Zabbix management screen contains a lot of information, so if you use it as often as I do, you often forget where things are.
Alert information appears on the dashboard, so there's no need to worry, but I still thought the API would be faster! So I investigated the fastest way to get alert information from the API
API execution environment
To execute the API, we used software called Postman.
It was originally released as an extension for Chrome and Firefox, but a standalone version has also been released, so we will use that.
Postman | API Development Environment
The trial version should be sufficient for carrying out the contents of this article.
It's also convenient for API development, so if you like it, try switching to a paid plan.
It's convenient for team development, as you can share URLs, etc.
Check Zabbix API version
First, let's start with the simplest API.
Zabbix provides only one API endpoint, so all APIs are executed from the following URL.
http[s]://[your domain]/api_jsonrpc.php
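Because the request body carries information such as login credentials, requests must be sent using POST. For the same reason, use the https form of the URL so the credentials are not readable in transit.
The content type is application/json-rpc.
First, let's try to get information about Zabbix itself.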
```
// request body
{
    "jsonrpc": "2.0",
    "method": "apiinfo.version",
    "id": 1,
    "auth": null,
    "params": {}
}

// response
{
    "jsonrpc": "2.0",
    "result": "3.4.14",
    "id": 1
}
```
If the version is returned like this, the request was made correctly.
If an error occurs, compare your request with the raw HTTP request below to see what is wrong.
```
POST /api_jsonrpc.php HTTP/1.1
Host: [your domain]
Content-Type: application/json-rpc

{"jsonrpc":"2.0","method":"apiinfo.version","id":1,"auth":null,"params":{}}
```
It seems that storing the request JSON as raw data in the body works well.
If the request matches and still fails, the URL may be wrong, so make sure you have the correct URL.
The procedure is as follows:
- Log in to the Zabbix administration page from your browser
- Check the URL of the top page (in this example, it is https://[your domain]/zabbix.php?action=dashboard.view)
- api_jsonrpc.php is in the same directory as zabbix.php, so replace zabbix.php?action=dashboard.view with api_jsonrpc.php
This should give you the correct URL to the API
Log in
```
// request body
{
    "jsonrpc": "2.0",
    "method": "user.login",
    "params": {
        "user": "[username]",
        "password": "[password]"
    },
    "id": 1,
    "auth": null
}

// response
{
    "jsonrpc": "2.0",
    "result": "[32-digit hash value]",
    "id": 1
}
```
Set the hash value returned in the response as the token in the auth key of each subsequent request to obtain detailed information. Treat this token like a password, since anyone who holds it can call the API as that user.
Get host information
Getting a list of hosts is very easy:
just specify host.get as the method and the necessary information as params.
Zabbix can return a large amount of data from the server, so remembering the parameters may be the harder part.
```
// request body
{
    "jsonrpc": "2.0",
    "method": "host.get",
    "params": {
        "output": [
            "hostid",
            "host"
        ],
        "selectInterfaces": [
            "interfaceid",
            "ip"
        ]
    },
    "id": 2,
    "auth": "[32-digit hash value]"
}

// response
{
    "jsonrpc": "2.0",
    "result": [
        {
            "hostid": "1",
            "host": "Zabbix server",
            "interfaces": [
                {
                    "interfaceid": "1",
                    "ip": "127.0.0.1"
                }
            ]
        },
        ...
    ],
    "id": 2
}
```
You should be able to get the information by copying and pasting this request; the only part you need to fill in is auth, which takes the login hash obtained from the user.login API.
Be careful, if you are monitoring a large number of servers, an enormous amount of JSON data will be returned.
If the number of items is large, you can use the limit key to narrow down the number of data items
Get alerts
Now for the main topic: getting alerts is almost the same as getting host information.
```
// request json
// Get the latest 3 alerts
{
    "jsonrpc": "2.0",
    "method": "alert.get",
    "params": {
        "output": "extend",
        "limit": "3",
        "sortfield": "alertid",
        "sortorder": "DESC"
    },
    "auth": "xxxxxxxxxxxxxxxxxxxxxx",
    "id": 1
}

// response
{
    "jsonrpc": "2.0",
    "result": [
        {
            "alertid": "21496022",
            "actionid": "13",
            "eventid": "72481",
            "userid": "xxx",
            "clock": "1557795687",
            "mediatypeid": "7",
            "sendto": "...",
            "subject": "...",
            "message": "...",
            "status": "1",
            "retries": "0",
            "error": "",
            "esc_step": "1",
            "alerttype": "0",
            "p_eventid": "xxxxx",
            "acknowledgeid": "0"
        },
        {
            "alertid": "21496021",
            "actionid": "13",
            "eventid": "72481",
            "userid": "xxx",
            "clock": "1557795687",
            "mediatypeid": "1",
            "sendto": "...",
            "subject": "...",
            "message": "...",
            "status": "1",
            "retries": "0",
            "error": "",
            "esc_step": "1",
            "alerttype": "0",
            "p_eventid": "xxxxx",
            "acknowledgeid": "0"
        },
        {
            "alertid": "21496020",
            "actionid": "11",
            "eventid": "72481",
            "userid": "xxx",
            "clock": "1557795687",
            "mediatypeid": "1",
            "sendto": "...",
            "subject": "...",
            "message": "...",
            "status": "1",
            "retries": "0",
            "error": "",
            "esc_step": "1",
            "alerttype": "0",
            "p_eventid": "xxxxx",
            "acknowledgeid": "0"
        }
    ],
    "id": 1
}
```
Although the details have been redacted, the fields that can be obtained are as shown above.
This API can be used to obtain information both when an alert occurs and when it is resolved.
There is no particular trick to it, but if I had to name one, it would be sorting by alertid in descending order.
Specify the field you want to sort by with sortfield, and specify the sort order with sortorder.
The sort order must be either ASC or DESC, written in uppercase.
This was a bit confusing.
Conclusion
As it turns out, to get alert information from the API, you need to execute two APIs:
1. Get a login token with the user.login API
2. Get alert information with the alert.get API

If you can parse the response in 1 and extract the token, you can also execute the API in 2, so even if you're not familiar with programming, it should be fairly easy to create.
What is an id?
id is an arbitrary integer that the caller specifies in order to identify the matching response.
However, please note that if it is null, not an integer, or missing, the API return value will not be received correctly.
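The two-call flow from the conclusion, together with the id check just described, as an added Python example (not code from the original article). It uses the `user.login` parameters shown above; the HTTPS-only rule, the closing `user.logout` call, the `zabbix.example` host and the `fake_post` stand-in server are choices and constructed sample data made for this example.

```python
import json
import urllib.request

class ZabbixError(Exception):
    pass

def http_post(url, body):
    # Real transport. Refusing non-HTTPS URLs is this example's own policy.
    if not url.startswith("https://"):
        raise ZabbixError("refusing to send credentials over a non-HTTPS URL")
    req = urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/json-rpc"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def call(url, method, params, auth=None, req_id=1, post=http_post):
    body = {"jsonrpc": "2.0", "method": method, "params": params,
            "id": req_id, "auth": auth}
    reply = post(url, json.dumps(body).encode())
    if "error" in reply:
        # Report the server's error object only; never echo the request body.
        raise ZabbixError(f"{method} failed: {reply['error']}")
    if reply.get("id") != req_id:
        raise ZabbixError(f"{method}: response id does not match request id")
    return reply["result"]

def latest_alerts(url, user, password, limit=3, post=http_post):
    token = call(url, "user.login", {"user": user, "password": password},
                 req_id=1, post=post)
    try:
        return call(url, "alert.get",
                    {"output": "extend", "limit": limit,
                     "sortfield": "alertid", "sortorder": "DESC"},
                    auth=token, req_id=2, post=post)
    finally:
        # Invalidate the session token once the alerts have been fetched.
        call(url, "user.logout", [], auth=token, req_id=3, post=post)

def fake_post(url, body):
    # Constructed stand-in for a Zabbix server; every value is sample data.
    req, token = json.loads(body), "0" * 32
    if req["method"] != "user.login" and req["auth"] != token:
        return {"jsonrpc": "2.0", "id": req["id"],
                "error": {"code": -32602, "message": "Not authorised"}}
    result = {"user.login": token, "user.logout": True}.get(req["method"])
    if req["method"] == "alert.get":
        result = [{"alertid": str(21496022 - i), "clock": "1557795687"}
                  for i in range(int(req["params"]["limit"]))]
    return {"jsonrpc": "2.0", "id": req["id"], "result": result}
```

Pass `post=fake_post` to try it offline; against a real server, omit `post` and read the password from an environment variable or secret store rather than writing it into the script.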
Summary
You can also add or change monitoring settings through the Zabbix API, so most things can be done through the API.
In addition, plugins have been developed that let you register hosts from Ansible or Terraform (you do not call the API directly; the software uses the API to apply the settings), so an environment is in place where you can automate everything from construction to monitoring.
You can run it periodically from AWS Lambda or Cloud Functions, or from cron, and it's a great way to automate regular host health checks and settings changes.
The latest version of the Zabbix API documentation is available, but only in English, and it does not seem very user-friendly, so you will probably need to do some trial and error at first.
In that case, it would be safer to set up a test Zabbix server and verify the behavior there.
That's all