The Throughputmeter error can be seen in server.log in two cases.
The first case (Rule) can be when audit event agent:050 does not have any value in Device Custom String 4 (DCS 4) field. Audit events agent:050 cannot have null value in Device Custom String 4.
The second case (Connector's aggregation) can happen if there is an aggregation applied for 5 or more minutes.
Rule and Connector's aggregation scenarios:
Rule's settings, which creates agent:050 with Null value in DCS 4:
1. In aggregation tab is Device Event Class ID (DEC ID) and no Device Custom String 4 field.
2. Any other setting which creates event with DEC ID = agent:050 ( Actions > Set event field, etc.)
1. If there is an aggregation applied for 5 minutes or more.
Even if there is in a field based aggregation applied Preserve common fields feature, there could be a null value in Device Custom String 4 field.
Preserve common fields feature preserves only those fields which are identical for all aggregated events. If a field has different values then the values are not preserved and the field will be left
In such a scenario Device Event Class ID will have always agent:050 value and thus this field will be preserved, whereas Device Event Class ID field might have different value and will not
2. If a connector is caching, it may release two agent:050 at the same time. When the aggregation is set even for less than 5 minutes, in this scenario two agent:050 could be aggregated.