...
Monitor to determine if any critical message messages remain unsent
Identify and alert if the critical messages on a particular id remain unsent for a long duration
Identify and alert if more than a certain number of messages (as per the requirements ) remain unsent and/or unauthorized message has been processed
...
Metric
...
[Insert instructions on how to access and configure the Metric Filters for the event with screenshots]
Splunk Event
The event will look like this in Splunk:
...
SAP Navigation
Log in to the SAP system and execute the transaction SOST.
...
Field Mapping
...
Field
...
Description
...
Unit of Measure
...
EVENT_TYPE
...
SOST
...
String
...
EVENT_SUBTYPE
...
Not Applicable for this Event Type (always blank)
...
String
...
CURRENT_TIMESTAMP
...
The date time stamp when the information was collected
...
YYYYMMDDHHMMSS
...
OBJTP_SOOS
...
Code for document class
...
String
...
OBJYR_SOOS
...
Object: Year from ID
...
String
...
OBJNO_SOOS
...
Object: Number from ID
...
String
...
FORTP_SOOS
...
Forwarder: Object type from ID
...
String
...
FORYR_SOOS
...
Forwarder: year from the ID
...
String
...
FORNO_SOOS
...
Forwarder: number from the ID
...
String
...
RECTP_SOOS
...
Recipient type from ID
...
String
...
RECYR_SOOS
...
Recipient year from the ID
...
String
...
COUNTER_SOST
...
Counter for status entries for this send process
...
String
...
SNDTP_SOOS
...
Sender type from the ID
...
String
...
SNDYR_SOOS
...
Sender year from the ID
...
String
...
SNDNO_SOOS
...
Sender number from the ID
...
String
...
SNDREQ_SOOS
...
Send Request GUID
...
Raw String
...
SNDDAT_SOES
...
Date On Which Object Was Sent
...
YYYYMMDD
...
SNDTIM_SOES
...
Time at Which The Object Was Sent
...
HHMMSS
...
MSGID_SOES
...
Message Class
...
String
...
MSGTY_SOES
...
Message Type
...
1 Character
...
MSGV1_SOES
...
Message Variable
...
String
...
MSGV2_SOES
...
Message Variable
...
String
...
MSGV3_SOES
...
Message Variable
...
String
...
MSGV4_SOES
...
Message Variable
...
String
...
SCOMTP_SOES
...
SAPcomm ID: ID type
...
String
...
SCOMYR_SOES
...
SAPcomm: year of ID
...
String
...
SCOMNO_SOES
...
SAPcomm: number of the ID
...
String
...
STATUS_SOES
...
SAPcomm: status of the sent object
...
String
...
MAILSTATUS_SOES
...
Status of external send in which a mail was sent
...
String
...
ADRNR_SOES
...
Addresses: Address Number
...
String
...
NODE_SOES
...
Name of SAPconnect Node or Telephony Server
...
String
...
ENTRY_DATE_SOST
...
Date of entry in table
...
YYYYMMDD
...
ENTRY_TIME_SOST
...
Time of entry in table
...
HHMMSS
...
MSGID_SOST
...
Message Class
...
String
...
MSGTY_SOST
...
Message Type
...
1 Character
...
MSGNO_SOST
...
Message Number
...
Numerical String
...
MSGV1_SOST
...
Message Variable
...
String
...
MSGV2_SOST
...
Message Variable
...
String
...
MSGV3_SOST
...
Message Variable
...
String
...
MSGV4_SOST
...
Message Variable
...
String
...
CREATOR_SOST
...
User name responsible for creating status
...
String
...
SENDER_SOST
...
Author of status (address object)
...
String
...
DIRECTION_SOST
...
Specifies whether status applies to sending or receiving
...
String
...
SENDER
...
Sender
...
String
...
OBJNAM_SOOD
...
Name of document, folder or distribution list
...
String
...
OBJDES_SOOD
...
Short description of contents (Document Title)
...
String
...
CRONAM_SOOD
...
Creator Name
...
String
...
ENCCNT_SOOD
...
Number of attachments for the object
...
String
...
OBJLEN_SOOD
...
Size of Document Content
...
String
...
OBJDBLEN_SOOD
...
Size of Document Content
...
String
...
ATTLEN_SOOD
...
Total size of all attachments to a document
...
String
...
OBJSNS
...
Object: Sensitivity (private, functional, ...)
...
String
...
UTCDIFF
...
The UTC OFFSSET in HHMMSS that the data was collected in
...
HHMMSS
...
UTCSIGN
...
The UTC positive or negative OFFSET indicator. Positive (+) means add UTCDIFF to find the time zone of the data, negative (-) means subtract the UTCDIFF to find the time zone adjusted date time the data was collected in.
...
Configuration
The SOSCT metric has a configuration based on which the waiting messages present in the SOSC table can be selected. To enable/disable extraction of SOSC records, follow the below steps:
Maintain the SOST metric configuration using the menu option below (Administrator->Setup Metric->Metric Configuration)
Maintain the Parameter value 'X' to extract the waiting status messages present in the SOSC table.
...
Metric Filters
To extract specific messages/emails, it is possible to define rules based on fields available in SOST, SOOD, SOES tables. Following steps need to be performed to setup the rule:
Open SOST filter using menu option below (Administrator->Metric filters->SOST filter):
Please define filter name (should be unique) and description on the header level:
It is possible to define select conditions using corresponding option on the left panel:
Select conditions “Options” field accepted values:
Operator | Description |
EQ | Equal: True, if the content of operand1 matches the content of operand2. |
NE | Not Equal: True, if the content of operand1 does not match the content of operand2. |
LT | Lower Than: True, if the content of operand1 is smaller than the content of operand2. |
GT | Greater Than: True, if the content of operand1 is greater than the content of operand2. |
LE | Lower Equal: True, if the content of operand1 is lower than or equal to the content of operand2. |
GE | Greater Equal: True, if the content of operand1 is greater than or equal to the content of operand2. |
CP | Match a pattern |
NP | Patter not matching |
BT | Between |
NB | Not between |
Splunk Event
The event will look like this in Splunk:
...
SAP Navigation
Log in to the SAP system and execute the transaction SOST.
...