We are having CA UIM 8.4 installed on windows 2012 platform.
Now we are having a requirement to monitor events which occurs more than or equal to 2 times with exact same message on event. But when we are using Event count>=2 with time frame 1 min-->we are getting alert for the second event even though the message varies.
ntevl probe version: 4.24
What we are running into is that we have a profile set up so that it should only send out an alarm if a single user tries to log into SQL 2 times within the same minute.
What is happening is that we get an alarm for a the second user that was tried, so if I do 1 try with sa and 1 try with administrator I get the alarm on administrator.
What we are actually looking for is no alarm under that condition, but if sa tries 2 times in less than a minute and it fails than they get an alarm for sa.
Please suggest here.