Zabbix API allows you to quickly access alert information and automate your workflow

Hello.
I'm Mandai, the Wild team member in charge of development.

This time I would like to write about Zabbix's API

This may seem sudden, but do you think APIs are a hassle?

To be honest, I feel the opposite; the API is overwhelmingly easier to use.
The Zabbix management interface has so much information that, with my level of usage, I often forget where things are.

Alert information appears on the dashboard, so there's no need to worry, but I still thought the API would be faster! So I investigated the fastest way to get alert information from the API

API execution environment

For this project, I used Postman to execute the API.
Originally released as a Chrome or Firefox extension, a standalone version has also been available for some time, so I'll be using that.

Postman | API Development Environment

The trial version should be sufficient for implementing the content of this article.
It's also convenient for API development, so if you like it, consider switching to a paid plan.
It's especially useful for team development as it allows for URL sharing!

 

Check Zabbix API version

Let's start by trying the simplest API.
Zabbix only provides one API endpoint, so all APIs are accessed via the following URL.

http[s]://[your domain]/api_jsonrpc.php

 

Since information such as login account information is also sent, it must be sent using POST

The content type is application/json-rpc

First, let's try to get information about Zabbix

// request body { "jsonrpc": "2.0", "method": "apiinfo.version", "id": 1, "auth": null, "params": {} } // response { "jsonrpc": "2.0", "result": "3.4.14", "id": 1 }

 

If the version is returned like this, the request was made correctly

If an error occurs, please check the HTTP request information below to see what is wrong

POST /api_jsonrpc.php HTTP/1.1 Host: [your domain] Content-Type: application/json-rpc {"jsonrpc":"2.0","method":"apiinfo.version","id":1,"auth":null,"params":{}}

 

It seems that storing the request JSON as raw data in the body works well.
Otherwise, URL discrepancies might be the cause, so please check the correct URL.

The procedure is as follows:

• Log in to the Zabbix administration page from your browser
• Check the URL of the top page (in this example, it is https://[your domain]/zabbix.php?action=dashboard.view)
• api_jsonrpc.php is in the same directory as zabbix.php, so replace zabbix.php?action=dashboard.view with api_jsonrpc.php

This should give you the correct URL to the API

 

Log in

// request body { "jsonrpc": "2.0", "method": "user.login", "params": { "user": "[username]", "password": "[password]" }, "id": 1, "auth": null } // response { "jsonrpc": "2.0", "result": "[32-digit hash value]", "id": 1 }

 

By entering the hash value obtained in the response as a token in the auth key of each request, you can obtain detailed information

 

Get host information

Getting a list of hosts is very easy.
Just specify `host.get` as the method and the necessary information as `params`.

Zabbix retrieves a large amount of data from the server, so it may be more difficult to remember the parameters

// request body { "jsonrpc": "2.0", "method": "host.get", "params": { "output": [ "hostid", "host" ], "selectInterfaces": [ "interfaceid", "ip" ] }, "id": 2, "auth": "[32-digit hash value]" } // response { "jsonrpc": "2.0", "result": [ { "hostid": "1", "host": "Zabbix server", "interfaces": [ { "interfaceid": "1", "ip": "127.0.0.1" } ] }, ... ], "id": 2 }

 

Aside from needing to embed the login hash obtained from the user.login API into the auth section, you should be able to retrieve the information by simply copying and pasting. Be aware that
if you are monitoring a large number of servers, you will receive an enormous amount of JSON data.

If the number of items is large, you can use the limit key to narrow down the number of data items

 

Get alerts

Now, getting to the main topic of alerts is almost the same as getting host information

// request json // Get the latest 3 alerts { "jsonrpc": "2.0", "method": "alert.get", "params": { "output": "extend", "limit": "3", "sortfield": "alertid", "sortorder": "DESC" }, "auth": "xxxxxxxxxxxxxxxxxxxxxx", "id": 1 } // response { "jsonrpc": "2.0", "result": [ { "alertid": "21496022", "actionid": "13", "eventid": "72481", "userid": "xxx", "clock": "1557795687", "mediatypeid": "7", "sendto": "...", "subject": "...", "message": "...", "status": "1", "retries": "0", "error": "", "esc_step": "1", "alerttype": "0", "p_eventid": "xxxxx", "acknowledgeid": "0" }, { "alertid": "21496021", "actionid": "13", "eventid": "72481", "userid": "xxx", "clock": "1557795687", "mediatypeid": "1", "sendto": "...", "subject": "...", "message": "...", "status": "1", "retries": "0", "error": "", "esc_step": "1", "alerttype": "0", "p_eventid": "xxxxx", "acknowledgeid": "0" }, { "alertid": "21496020", "actionid": "11", "eventid": "72481", "userid": "xxx", "clock": "1557795687", "mediatypeid": "1", "sendto": "...", "subject": "...", "message": "...", "status": "1", "retries": "0", "error": "", "esc_step": "1", "alerttype": "0", "p_eventid": "xxxxx", "acknowledgeid": "0" } ], "id": 1 }

 

Detailed information has been removed, but the items that can be retrieved are as listed above.
This API can be used to retrieve information both when an alert is triggered and when it is resolved.

There aren't any particularly noteworthy points, but if I had to pick one, it would be that it sorts by alertid in descending order.
You specify the data you want to sort with sortfield and specify the sort order with sortorder.

The sortorder must be specified as either ASC or DESC, and it must be in uppercase.
This gave me a bit of trouble.

 

conclusion

As it turns out, to get alert information from the API, you need to execute two APIs:

1. Get a login token with the user.login API
2. Get alert information with the alert.get API

If you can easily parse the response in 1 and extract the token, you can also execute the API in 2, so even if you're not familiar with programming, it should be fairly easy to create

 

What is an id?

The `id` is any integer that the user can specify to identify the response.
However, please note that if it is null, a non-integer value, or does not exist, you will not be able to receive the API return value correctly.

 

summary

You can add or change monitors through the Zabbix API, so most things can be done through the API

In addition, although they do not directly execute the API, plugins have also been developed that allow you to register hosts from ansible or terraform (the software uses the API to reflect settings), so an environment is in place where you can automate everything from construction to monitoring

You can run it periodically from AWS Lambda or Cloud Functions, or periodically from cron, and it's a great way to automate regular host health checks and change settings

The documentation for the latest version of the Zabbix APIhere, but it's only available in English and doesn't seem very user-friendly, so you'll probably need to do some trial and error at first.
In that case, it's probably best to set up a test Zabbix server and verify that it works.

That's all