Log Source Picker

Instead of typing data model names into the Advanced Search query, you can select log sources from the log source picker, and a query that includes the selected sources is generated for you. You can also use the filters to create a dynamic rule that generates the query.

The generated query includes the system data model and a filter for the selected log sources. For example:

USE system | sys_device IN ('::ffff:127.0.0.1_otherUnix','::ffff:10.128.132.92_otherUnix')

Limitations

The log source picker in Advanced Search has the following limitations:

  • Even if you have access permissions to Remote Appliances in a Management Station setup, you cannot select specific Remote Appliances in the log source picker.
  • In the generated query, only the system data model columns appear in the results and in the Columns panel, and only those columns are available for filtering. To make the columns of another data model available for filtering or parsing, replace the system data model in the search query with the appropriate one. For example:
    USE Other_UNIX | sys_device IN ('::ffff:127.0.0.1_otherUnix','::ffff:10.128.132.92_otherUnix')
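The following Python helper is an added example, not code from the product or its documentation. It builds the same kind of query the picker generates from a list of selected sources, and performs the data model swap described in the limitation above. The single-quote wrapping matches the generated query on this page; escaping an embedded single quote by doubling it, and the validation of the data model name, are assumptions made here and not rules the page states.

```python
# Added example: build and adjust the Advanced Search query that the log
# source picker generates. Assumptions (not stated on the page): an embedded
# single quote is escaped by doubling it, and data model names consist of
# letters, digits and underscores only.

DEFAULT_MODEL = "system"


def _check_model(model: str) -> None:
    """Reject data model names outside the assumed [A-Za-z0-9_] alphabet."""
    if not model or not model.replace("_", "").isalnum():
        raise ValueError(f"unexpected data model name: {model!r}")


def quote_value(value: str) -> str:
    """Wrap one sys_device value in single quotes, doubling any embedded quote."""
    return "'" + value.replace("'", "''") + "'"


def build_source_query(devices, model: str = DEFAULT_MODEL) -> str:
    """Return 'USE <model> | sys_device IN (...)' for the selected log sources."""
    _check_model(model)
    devices = list(dict.fromkeys(devices))  # drop duplicate selections, keep order
    if not devices:
        raise ValueError("at least one log source must be selected")
    values = ",".join(quote_value(d) for d in devices)
    return f"USE {model} | sys_device IN ({values})"


def switch_data_model(query: str, model: str) -> str:
    """Replace the data model in a generated query, as the limitation above requires."""
    _check_model(model)
    prefix, sep, rest = query.partition(" | ")
    if not sep or not prefix.startswith("USE "):
        raise ValueError("not a generated log source query")
    return f"USE {model} | {rest}"


if __name__ == "__main__":
    # Constructed sample input: the two sources shown in the page's example.
    selected = ["::ffff:127.0.0.1_otherUnix", "::ffff:10.128.132.92_otherUnix"]
    generated = build_source_query(selected)
    print(generated)
    print(switch_data_model(generated, "Other_UNIX"))
```

Keeping quoting in one function means every selected source passes through the same escaping path, so a source name containing a quote cannot alter the structure of the generated filter.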

For the steps to use the log source picker and to create a dynamic rule, see Selecting Log Sources.