Alert condition not working

Hi Guys,

I’m having a problem with a specific Condition I’ve set up that doesn’t seem to be getting matched when a message containing the relevant content comes in. I have other Stream/Conditions which are matching fine. Here is the setup on the one failing:

Stream: SymantecEP - matching on source of SymantecServer
Condition Type: Field content alert condition
Field: message
Value: Protection has been disabled
Grace: 5
Message backlog: 5

The content of the message I’m seeing correctly routed to the stream which I’m trying to get the condition to match against is:

I can only assume I’ve got something wrong with the value I’m trying to match against, but then other Conditions I have running for other streams are working fine.

Any suggestions are welcome…thanks!
