Hello -
I have a logging event like this one. We are searching on "Threshold Exceeded" AND "225"
9/26/17 13:45:18:690 EDT] 000215d9 SystemOut O 4580330012 [SIBJMSRAThreadPool **: 764**] ERROR com.hdx.routing.saf.SafUtils - ** SAF THRESHOLD EXCEEDED ** currently SAF count is: 100 for Node : BJH/BJC/225/302/4.0 and route info:
When we hit on this, we need to search backwards over one minute, looking for the same ThreadPool ID; in the error above it's: 764.
[9/26/17 13:45:18:675 EDT] 000215d9 SystemOut O 4580329994 [SIBJMSRAThreadPool **: 764**] WARN com.hdx.routing.delivery.DeliveryEventHandlerSafV1 - **SAF** Failed sending to node 840153625 at TCPfalsefalse**64.46.236.20****10202**03ACK with RLogPK
For this result we need to pull out the IP / Port and generate an alert. I have not extracted any fields yet.
We are still very new to Splunk. Thanks in advance for the help.
Carl
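The correlation described in the post, sketched in Python over sample lines as an added example; it is not part of the original post and is not Splunk SPL. Assumptions: the names `correlate`, `HEAD`, `TRIGGER` and `ENDPOINT` are hypothetical, the "225" match is narrowed to the `/225/` node segment, and a non-digit delimiter is assumed between IP and port in the raw event.

```python
import re
from datetime import datetime

# The first two entries are the events quoted in the post (bold markers kept).
# The last two are constructed; their "|" delimiters are an assumption.
SAMPLE = [
    "[9/26/17 13:45:18:675 EDT] 000215d9 SystemOut O 4580329994 [SIBJMSRAThreadPool **: 764**] WARN com.hdx.routing.delivery.DeliveryEventHandlerSafV1 - **SAF** Failed sending to node 840153625 at TCPfalsefalse**64.46.236.20****10202**03ACK with RLogPK",
    "9/26/17 13:45:18:690 EDT] 000215d9 SystemOut O 4580330012 [SIBJMSRAThreadPool **: 764**] ERROR com.hdx.routing.saf.SafUtils - ** SAF THRESHOLD EXCEEDED ** currently SAF count is: 100 for Node : BJH/BJC/225/302/4.0 and route info:",
    "[9/26/17 13:43:00:000 EDT] 000215d9 SystemOut O 1 [SIBJMSRAThreadPool : 764] WARN x - SAF Failed sending to node 1 at TCP|192.0.2.10|9000|ACK",
    "[9/26/17 13:45:18:680 EDT] 000215d9 SystemOut O 2 [SIBJMSRAThreadPool : 912] WARN x - SAF Failed sending to node 2 at TCP|192.0.2.11|9001|ACK",
]

# Timestamp (without zone) and thread pool ID; tolerates a missing leading "[".
HEAD = re.compile(r"\[?(\d+/\d+/\d+ \d+:\d+:\d+:\d+) \w+\].*?SIBJMSRAThreadPool\W*(\d+)")
# Trigger event: threshold exceeded for a node path containing /225/.
TRIGGER = re.compile(r"THRESHOLD EXCEEDED.*Node\s*:\s*\S*/225/", re.I)
# First dotted quad after "TCP", then the next run of digits as the port.
ENDPOINT = re.compile(r"TCP\D*?((?:\d{1,3}\.){3}\d{1,3})\D+(\d{1,5})")


def correlate(lines, window_s=60):
    """Return one alert per 'Failed sending' event that shares a thread ID
    with a trigger event and precedes it by at most window_s seconds."""
    events = []
    for line in lines:
        m = HEAD.search(line)
        if m:  # lines without a parsable header are skipped
            ts = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S:%f")
            events.append((ts, m.group(2), line))
    alerts = []
    for ts, tid, line in events:
        if not TRIGGER.search(line):
            continue
        for ts2, tid2, line2 in events:
            ep = ENDPOINT.search(line2)
            age = (ts - ts2).total_seconds()
            if tid2 == tid and "Failed sending" in line2 and ep and 0 <= age <= window_s:
                alerts.append({"time": ts, "thread": tid,
                               "ip": ep.group(1), "port": int(ep.group(2))})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```
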