Hi all,
We have been using Sentinel version 8.1.1.0_4309 for a few months, and we have discovered some new Sentinel events that we did not see on version 7.4.1.
1.
Code:
evt:"BufferOverLimit" Message: RT-Event-Queue-Active Views: Dropped 246324240000 event(s) since Tue Sep 18 15:53:11 CEST 2018.Total events dropped 248310560000.
The event has severity 1, and the message is the same for RT-Event-Queue-Correlation and RT-Event-Queue-Security Intelligence. We had a network issue between 15:53 and 16:03, when these events were generated, so we assume that this is a new format of the log messages that used to say that events are out of the 30s window. We have not seen the event "Failed To Correlate" that is mentioned in the 8.1.1 Release Notes, so we are not sure of that.
Our queue for these events, according to the Storage health tab, is set by default to 20,000,000. The number of events dropped is surely not real; we really do not have 410,540,400 EPS.

2. The same type of event as in point 1, but for RawDataStorage:
Code:
evt:"BufferOverLimit" Message: RawDataStore-eventQueue: Dropped 96167 event(s) since Wed Sep 19 09:00:01 CEST 2018.Total events dropped 3910136.
This event is generated randomly throughout the day. Our queue for the RawData Store is set by default to 42,949,672,940,000 according to the Storage health tab.

For both occurrences we do not see weird records in log files.
Thanks for your help with the investigation.
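
The plausibility check described in the post, as an added example that is not part of the original post and not Sentinel code: it parses the two quoted BufferOverLimit messages and computes the event rate each drop count would imply. The observation times and the `max_plausible_eps` ceiling are constructed assumptions, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Layout taken from the two BufferOverLimit lines quoted in the post.
MSG_RE = re.compile(
    r'Message: (?P<queue>.+?): Dropped (?P<dropped>\d+) event\(s\) since '
    r'(?P<since>\w{3} \w{3} +\d+ [\d:]{8}) \w+ (?P<year>\d{4})\.'
    r'\s*Total events dropped (?P<total>\d+)\.'
)

def parse_buffer_over_limit(line):
    """Return queue name, drop counters and window start, or None if no match."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    # The zone abbreviation (CEST) is skipped: strptime's %Z is platform
    # dependent, so the timestamp is parsed as naive local time.
    since = datetime.strptime(f"{m['since']} {m['year']}", "%a %b %d %H:%M:%S %Y")
    return {"queue": m["queue"], "dropped": int(m["dropped"]),
            "total": int(m["total"]), "since": since}

def check_drop_report(line, observed_at, max_plausible_eps):
    """Compute the rate a drop report implies and list inconsistencies.
    observed_at is the local time the event was logged (assumed input)."""
    rec = parse_buffer_over_limit(line)
    if rec is None:
        raise ValueError("not a BufferOverLimit message")
    seconds = (observed_at - rec["since"]).total_seconds()
    if seconds <= 0:
        raise ValueError("observed_at must be later than the 'since' timestamp")
    rec["implied_eps"] = rec["dropped"] / seconds
    rec["findings"] = []
    if rec["implied_eps"] > max_plausible_eps:
        rec["findings"].append("implied EPS exceeds plausible ceiling")
    if rec["total"] < rec["dropped"]:
        rec["findings"].append("total dropped is smaller than interval count")
    return rec

# Messages as quoted in the post; observation times and ceiling are constructed.
RT_LINE = ('evt:"BufferOverLimit" Message: RT-Event-Queue-Active Views: Dropped '
           '246324240000 event(s) since Tue Sep 18 15:53:11 CEST 2018.'
           'Total events dropped 248310560000.')
RAW_LINE = ('evt:"BufferOverLimit" Message: RawDataStore-eventQueue: Dropped 96167 '
            'event(s) since Wed Sep 19 09:00:01 CEST 2018.Total events dropped 3910136.')

if __name__ == "__main__":
    for line, seen in ((RT_LINE, datetime(2018, 9, 18, 16, 3, 11)),
                       (RAW_LINE, datetime(2018, 9, 19, 9, 10, 1))):
        r = check_drop_report(line, seen, max_plausible_eps=100_000)
        print(r["queue"], round(r["implied_eps"]), r["findings"])
```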