Running a Targeted Index Search

Procedure

  1. Click the All Sources except LogLogic button to open the Select Source(s) window.
  2. Select log sources from the Add Log Sources pane. You can select sources by appliance, and filter by Name, Collector Domain, IP Address, Group or Type.
    • If you picked “Name”, enter a Source Name, a specific Device Name or a Name Mask. Wild cards are accepted in this field.
    • If you picked "Collector Domain", enter the name of the Collector Domain. This is the name used to identify each message sent from a specific device.
    • If you picked “IP Address”, enter a Source IP Address, a specific IP Address or an IP Address Mask. Wild cards are accepted in this field.
    • If you picked “Group”, enter a Group Name, or click the down arrow to the right of the text field and select “All” or one of the other Group names displayed in the drop-down box.
    • If you picked “Type”, enter a Source Type (a specific device type), or click the down arrow to the right of the text field and select “All” or one of the other Device Types displayed in the drop-down box
    Note: When adding a large number of devices, create a dynamic rule that contains all listed devices. To create a rule, first filter by Name or Type to retrieve the list of devices. Then click << Add filters as a rule. This creates a dynamic rule containing all listed devices, on the right pane.
  3. Enter a name for the dynamic rule in the pop-up window and click OK.
  4. Click on the sources you want in your report and then click << Add selected log sources to add the selected devices and filters to the left-hand pane.
  5. Click Set.
    The new Index Report search selection appears in the Sources row. The Index Search Sources field displays the newly added log sources.