Selecting Log Sources

If you use the log source picker to select log sources, an Advanced Search query including the selected log sources is automatically generated for you. Then you can specify the time range in the Time field and run the query.

    Procedure
  1. Click the Select Log Sources button to open the log source picker.
  2. From the List of Log Sources pane, select the check boxes of the required log sources.

    You can filter the list of log sources by the following parameters. After selecting a filter, type the value or select from the drop-down list to filter further:

    Filter field        Additional information field
    Device Name         Enter the device name or select from the list.
    Group Name          Enter the device group name or select from the list.
    Type                Enter a source type (a specific device type) or select from the list.
                        In a Management Station setup, you can select Remote Appliance as the type.
    Collector Domain    Enter the name of the collector domain.
    Description         Enter a description of the log source.
    IP Address          Enter the specific IP address of the log source.

    You can apply multiple filters by clicking the + button. Click Reset filters to clear all filters.

    You can also use the Search field to filter the list of devices and then select from the filtered list.

  3. To add the selected devices and filters to the Selected Log Sources pane, select the log sources and then click Add Selected Log Sources.
  4. (Optional) To add a large number of devices, you can create a dynamic rule that contains all listed devices. You can create multiple rules, if required.
    1. Use a filter to retrieve the list of devices.
    2. Click Add Filters as a Rule.
    3. Enter a name for the dynamic rule in the dialog box and click Create.

    A dynamic rule containing the listed devices is created and displayed in the Selected Log Sources pane.

    Note: Dynamic rules created in a Search tab can be used only in that Search tab, and only while the tab remains active.
  5. Review the list of log sources in the Selected Log Sources pane. Repeat the steps, if required, to add log sources by filters, by selecting their check boxes, or by creating more dynamic rules.
    Note: You can remove selected sources or dynamic rules by clicking Delete source.
  6. Click Set.
Result
A search query that includes the selected log sources is automatically generated and displayed in the search field.

If you selected remote appliances as log sources, then: 

  • Selecting one appliance adds sys_concentratorId = 'IP' to the search query, where IP is its IP address.
  • Selecting multiple appliances adds sys_concentratorId IN ('IP1', 'IP2') to the search query, where IP1 and IP2 are their IP addresses.
  • Using the Type filter to add all appliances adds sys_concentratorId IN ('ALL') to the search query, where ALL indicates that all remote appliances and the management station are included.
What to do next
Specify the time range in the Time field and then click the Run button to run the query.
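
The three sys_concentratorId forms listed under Result can be checked mechanically, for example to confirm before running a search that the generated query covers every remote appliance an investigation expects. The following Python is an added example, not part of the product or its documentation. The function names, the sample query strings (constructed, containing only the clause shown above) and the choice to treat a query without the clause as covering no remote appliance are assumptions.

```python
import ipaddress
import re

# The three clause forms listed on this page:
#   sys_concentratorId = 'IP'
#   sys_concentratorId IN ('IP1', 'IP2')
#   sys_concentratorId IN ('ALL')
_CLAUSE = re.compile(r"sys_concentratorId\s*(?:=\s*'([^']*)'|IN\s*\(([^)]*)\))")
_QUOTED = re.compile(r"'([^']*)'")

# Constructed sample queries (documentation-range IPs); only the clause
# itself follows the page, no other query syntax is assumed.
SAMPLE_ONE = "sys_concentratorId = '192.0.2.10'"
SAMPLE_MANY = "sys_concentratorId IN ('192.0.2.10', '192.0.2.11')"
SAMPLE_ALL = "sys_concentratorId IN ('ALL')"


def appliance_scope(query):
    """Return 'ALL', a frozenset of IP strings, or None if no clause is present."""
    m = _CLAUSE.search(query)
    if m is None:
        return None
    if m.group(1) is not None:
        values = [m.group(1)]
    else:
        values = _QUOTED.findall(m.group(2))
    if values == ["ALL"]:
        return "ALL"
    if not values:
        raise ValueError("empty sys_concentratorId list")
    # Anything that is not a literal IP address raises ValueError, so a
    # mistyped value is caught instead of silently matching no appliance.
    return frozenset(str(ipaddress.ip_address(v)) for v in values)


def uncovered(query, expected_ips):
    """Return the expected appliances that the query's clause does not include."""
    expected = {str(ipaddress.ip_address(ip)) for ip in expected_ips}
    scope = appliance_scope(query)
    if scope == "ALL":
        return set()
    if scope is None:
        return expected  # assumption: no clause means no remote appliance selected
    return expected - scope


if __name__ == "__main__":
    print(uncovered(SAMPLE_MANY, ["192.0.2.10", "192.0.2.12"]))
```
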