...
Monitor to determine if any critical messages remain unsent
Identify and alert if the critical messages on a particular ID remain unsent for a long duration
Identify and alert if more than a certain number of messages (as per the requirements) remain unsent and/or an unauthorized message has been processed
...
Metric Filters
...
To extract specific messages/emails, it is possible to define rules based on the fields available in the SOST, SOOD and SOES tables. The following steps need to be performed to set up the rule:
Open the SOST filter using the menu option below (Administrator->Metric filters->SOST filter):
Define a filter name (should be unique) and a description at the header level:
It is possible to define select conditions using the corresponding option on the left panel:
Accepted values for the “Options” field of the select conditions:
Operator | Description |
EQ | Equal: True, if the content of operand1 matches the content of operand2. |
NE | Not Equal: True, if the content of operand1 does not match the content of operand2. |
LT | Lower Than: True, if the content of operand1 is smaller than the content of operand2. |
GT | Greater Than: True, if the content of operand1 is greater than the content of operand2. |
LE | Lower Equal: True, if the content of operand1 is lower than or equal to the content of operand2. |
GE | Greater Equal: True, if the content of operand1 is greater than or equal to the content of operand2. |
CP | Match a pattern |
NP | Pattern not matching |
BT | Between |
NB | Not between |
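The operator semantics from the table, applied to the "too many unsent messages" alert described earlier; this is an added example, not the product's code. Assumptions: the field names (`recipient`, `status`, `age_min`) and status values are hypothetical, all conditions of a filter are ANDed, BT/NB bounds are inclusive, and CP/NP use ABAP-style wildcards (`*` for any sequence, `+` for one character).

```python
import re

def like(value, pattern):
    # Assumed ABAP-style wildcards: '*' = any sequence, '+' = one character, case-insensitive.
    rx = "".join(".*" if c == "*" else "." if c == "+" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, str(value), re.IGNORECASE | re.DOTALL) is not None

# One entry per operator in the table; BT/NB treat both bounds as inclusive (assumption).
OPERATORS = {
    "EQ": lambda v, lo, hi: v == lo,
    "NE": lambda v, lo, hi: v != lo,
    "LT": lambda v, lo, hi: v < lo,
    "GT": lambda v, lo, hi: v > lo,
    "LE": lambda v, lo, hi: v <= lo,
    "GE": lambda v, lo, hi: v >= lo,
    "CP": lambda v, lo, hi: like(v, lo),
    "NP": lambda v, lo, hi: not like(v, lo),
    "BT": lambda v, lo, hi: lo <= v <= hi,
    "NB": lambda v, lo, hi: not (lo <= v <= hi),
}

def matches(row, conditions):
    """True when the row satisfies every (field, operator, low, high) condition."""
    for field, op, low, high in conditions:
        if op not in OPERATORS:
            raise ValueError(f"unknown operator {op!r}")
        if not OPERATORS[op](row[field], low, high):
            return False
    return True

def unsent_alert(rows, conditions, max_unsent):
    """Return (alert, hits): alert is True when more than max_unsent rows match."""
    hits = [r for r in rows if matches(r, conditions)]
    return len(hits) > max_unsent, hits

# Constructed sample rows; field names and status values are hypothetical.
ROWS = [
    {"recipient": "ap@finance.example", "status": "WAITING", "age_min": 95},
    {"recipient": "ar@finance.example", "status": "SENT", "age_min": 120},
    {"recipient": "news@marketing.example", "status": "WAITING", "age_min": 300},
    {"recipient": "CFO@Finance.example", "status": "ERROR", "age_min": 61},
    {"recipient": "ap@finance.example", "status": "WAITING", "age_min": 5},
]
# Finance recipients, not yet sent, older than an hour.
FILTER = [("recipient", "CP", "*@finance.example", None),
          ("status", "NE", "SENT", None),
          ("age_min", "GE", 60, None)]

if __name__ == "__main__":
    alert, hits = unsent_alert(ROWS, FILTER, max_unsent=1)
    print(alert, [r["recipient"] for r in hits])
```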
Splunk Event
The event will look like this in Splunk:
...