The SOST event is used to enable viewing and analyzing the status of all messages sent using SAPconnect.
Potential Use Cases
This event could be used in the following scenarios:
Monitor to determine if any critical messages remain unsent
Identify and alert if the critical messages on a particular id remain unsent for a long duration
Identify and alert if more than a certain number of messages (as per the requirements ) remain unsent and/or unauthorized message has been processed
The SOSCT metric has a configuration based on which the waiting messages present in the SOSC table can be selected. To enable/disable extraction of SOSC records, follow the below steps:
Maintain the SOST metric configuration using the menu option below (Administrator->Setup Metric->Metric Configuration)
Maintain the Parameter value 'X' to extract the waiting status messages present in the SOSC table.
To extract specific messages/emails, it is possible to define rules based on fields available in SOST, SOOD, SOES tables. Following steps need to be performed to setup the rule:
Open SOST filter using menu option below (Administrator->Metric filters->SOST filter):
Please define filter name (should be unique) and description on the header level:
It is possible to define select conditions using corresponding option on the left panel:
Select conditions “Options” field accepted values:
Equal: True, if the content of operand1 matches the content of operand2.
Not Equal: True, if the content of operand1 does not match the content of operand2.
Lower Than: True, if the content of operand1 is smaller than the content of operand2.
Greater Than: True, if the content of operand1 is greater than the content of operand2.
Lower Equal: True, if the content of operand1 is lower than or equal to the content of operand2.
Greater Equal: True, if the content of operand1 is greater than or equal to the content of operand2.
Match a pattern
Patter not matching
The event will look like this in Splunk:
Log in to the SAP system and execute the transaction SOST.