{"id":308,"date":"2026-06-09T16:16:17","date_gmt":"2026-06-09T14:16:17","guid":{"rendered":"https:\/\/www.sysadmins.nl\/?p=308"},"modified":"2026-06-09T16:21:06","modified_gmt":"2026-06-09T14:21:06","slug":"incident-investigation-module-in-zabbix","status":"publish","type":"post","link":"https:\/\/www.sysadmins.nl\/index.php\/2026\/06\/09\/incident-investigation-module-in-zabbix\/","title":{"rendered":"Incident Investigation module in Zabbix"},"content":{"rendered":"\n

Zabbix offers the possibility of adding (or even developing) extra modules. One of these modules is the Incident Investigation module from Monzphere<\/a> which is free to use!<\/p>\n\n\n\n

This module allows you to understand when and how incidents occur. The module will create heatmaps<\/strong> (at which days and what time does a problem occur more), gives you montly comparison<\/strong> and trends, determines the impact on your services (SLA<\/strong>) and makes use of the planned maintenance periods.<\/p>\n\n\n\n

Sometimes you already know a problem occurs more often than you want. You want to see over the complete period of monitoring the related metrics when it really is a large problem and occurs the most.<\/p>\n\n\n\n

When you install and activate this module, you’ll get an extra search magnifier<\/em> (\ud83d\udd0d) option added to a problem description. Just click on this magnifier and you’ll get exactly the overview you’ll need to pinpoint at what times the problem occurs more often.<\/p>\n\n\n\n

I think this is a great addition to Zabbix (7.0.x) installations for getting more ahead of problems before they become a large outage!<\/p>\n\n\n\n

Installation with some screenshots<\/h2>\n\n\n\n

At first let’s see how a list of recent problems looks like without this module activated:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The installation process is quite simple (and also explained at the Github repository). Just clone the Github repository and copy the mentioned directory to \/usr\/share\/zabbix\/modules\/<\/em> on your Zabbix frontend server (this can be a different server\/VM\/container than your Zabbix server!).<\/p>\n\n\n\n

cp -rp IncidentInvestigation \/usr\/share\/zabbix\/modules<\/code><\/pre>\n\n\n\n
Navigate as a Super Admin user to Admin -> General -> Modules and rescan the directory if.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
When this is done, you will find the Incident Investigation module added but still disabled. Just click enable<\/em><\/strong> and it will be ready<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
After this browse to the Problems page<\/em><\/strong> and see the extra magnifier<\/em> added to the description of problems:<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Using the magnifier (Incident Investigation)<\/em><\/h2>\n\n\n\n
As this works for metrics you already collected, Incident Investigation will deliver all functionality immediately even if you installed it months or years after starting monitoring using Zabbix!<\/p>\n\n\n\n
For this example I’ll open the problem reported by a Windows agent:<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Here it’s immediately visible at what time of day (since start monitoring of this host) the problems where reported the most times (between 14:00 and 15:00 on a Tuesday). Also we can see that during the night this problem was also reported (on Wednesday and Thursday) but this was also during a maintenance period.<\/p>\n\n\n\n
Scrolling down will reveal more info on this specific problem.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
And ofcourse it’s also possible to click on several items for more information. It’s also to possible to (in this example) click on the red highlighted number 3<\/strong> and see when the problems occured (here it will be narrowed just to february)<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Conclusion<\/h2>\n\n\n\n
The addition of this module gives you in a few clicks more insight on problems and when they occur. This will help you in fixing and even preventing problems before they will become an outage!<\/p>\n\n\n\n
No hosts were harmed during the writing of this article \ud83d\ude09<\/p><\/blockquote><\/figure>\n","protected":false},"excerpt":{"rendered":"
Zabbix offers the possibility of adding (or even developing) extra modules. One of these modules is the Incident Investigation module from Monzphere which is free to use! This module allows you to understand when and how incidents occur. The module will create heatmaps (at which days and what time does a problem occur more), gives […]<\/p>\n","protected":false},"author":1,"featured_media":323,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,8],"tags":[13,28,27,6],"class_list":["post-308","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-observability","category-zabbix","tag-7-0","tag-enhancement","tag-modules","tag-zabbix"],"_links":{"self":[{"href":"https:\/\/www.sysadmins.nl\/index.php\/wp-json\/wp\/v2\/posts\/308","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sysadmins.nl\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sysadmins.nl\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sysadmins.nl\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sysadmins.nl\/index.php\/wp-json\/wp\/v2\/comments?post=308"}],"version-history":[{"count":4,"href":"https:\/\/www.sysadmins.nl\/index.php\/wp-json\/wp\/v2\/posts\/308\/revisions"}],"predecessor-version":[{"id":320,"href":"https:\/\/www.sysadmins.nl\/index.php\/wp-json\/wp\/v2\/posts\/308\/revisions\/320"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sysadmins.nl\/index.php\/wp-json\/wp\/v2\/media\/323"}],"wp:attachment":[{"href":"https:\/\/www.sysadmins.nl\/index.php\/wp-json\/wp\/v2\/media?parent=308"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sysadmins.nl\/index.php\/wp-json\/wp\/v2\/categories?post=308"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sysadmins.nl\/index.php\/wp-json\/wp\/v2\/tags?post=308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}