I have a question regarding spectrum 10.1,A divice 10.20.10.2 i have a rule declared in Sysedge contains a detonator '.*Cannot open connection.* ' but within the log to check it contains in Match text: ERROR (Procesarbackoffice.negocio.contable- execute:85 )- -> ocurred a error in information send the diviceA 184.108.40.206 cannot openconnection). But the computer does not alarm the one that has declared the rule if it does not take the ip that has the LOG and alarm that equipment, I think that is not correct or That is the root cause analysis function?
I hope they support me
It seems to me that you are trying to monitor log file using SystemEDGE, however we need more clearer description about what the issue and what exactly your expectation is. Can you give the event data and screen captures to visualize your problem?
Please open a case with CA Support, as we will need to review configurations, etc. to see why this is not working