Selecting Log Sources
If you use the log source picker to select log sources, an Advanced Search query including the selected log sources is automatically generated for you. Then you can specify the time range in the Time field and run the query.
- Procedure
- Click the Select Log Sources button to open the log source picker.
- From the
List of Log Sources pane, select the check box of the required log sources.
You can filter the list of log sources by the following parameters. After selecting a filter, type the value or select from the drop-down list to filter further:
Filter field Additional information field Device Name Enter the device name or select from the list Group Name Enter the device group name or select from the list Type Enter a source type (a specific device type) or select from the list.
In a Management Station setup, you can select Remote Appliance as the type
Collector Domain Enter the name of the collector domain. Description Enter a description of the log source. IP Address Enter the specific IP address of the log source. You can apply multiple filters by clicking the + button. Click Reset filters to clear all filters.You can also use the Search field to filter the list of devices and then select from the filtered list.
- To add the selected devices and filters to the Selected Log Sources pane, select the log sources and then click Add Selected Log Sources.
- (Optional) To add a large number of devices, you can create a dynamic rule that contains all listed devices. You can create multiple rules, if required.
- Use a filter to retrieve the list of devices.
- Click Add Filters as a Rule.
- Enter a name for the dynamic rule in the dialog box and click Create.
A dynamic rule containing the listed devices is created and displayed in the Selected log sources pane.
Note: The dynamic rules created in a Search tab can be used only in the same Search tab and until the Search tab is active. - Review the list of log sources in the
Selected log sources pane. Repeat the steps, if required, to add log sources by filters, or by selecting their check boxes, or by creating more dynamic rules.Note: You can remove selected sources or dynamic rules by clicking Delete source.
- Click Set.
If you selected remote appliances as log sources, then:
- Selecting one appliance adds
sys_concentratorId = 'IP'
in the search query; where IP is its IP address. - Selecting multiple appliances adds
sys_concentratorId IN ('IP1', 'IP2')
in the search query; where IP1 and IP2 are their IP addresses. - Using the Type filter to add all appliances adds
sys_concentratorId IN ('ALL')
in the search query; whereALL
indicates that all remote appliances and the management station are included.