Support Center > Search Results > SecureKnowledge Details
Cannot create events based on "sys_message:" filter
Symptoms
  • Creating events based on "sys_message:" filter fails with: 
    Origin: [IP address] Time: [DATE TIME] 
Flags: 0x140 Interface: "daemon" 
Direction: inbound Action: null ['sys_message:': "installed Standard"]
sys_message has : within the ''
  • When adding ":" to the sys_message field in SmartEvent, it fails with "illegal character" message.
Solution
 Note: To view this solution you need to Sign In .