rcar
Level 7

Group Log Sources by tag/type (receiver independent) for reporting

Hi all,

I need to group several log sources (syslog) from different receivers to generate a customized report.

The "Device Type Summary" view already available would be a good solution but it doesn't fit since I have my own customized grouping requirements (for instance Vendor or Product).

  • I thought about using "User Defined data source entries", but even if I wanted to use it, I have more than 10 different groups, so it wouldn't work either.
  • I tried to create a customized "Display", but that doesn't work either because I can't filter by Vendor or Product.

Any suggestion is appreciated

0 Kudos
3 Replies
proxima
Level 10

Re: Group Log Sources by tag/type (receiver independent) for reporting

Hi,

Maybe you should try Zone filtering (beforehand you have to create and assign the data source to this Zone).

Regards

MK

0 Kudos
rcar
Level 7

Re: Group Log Sources by tag/type (receiver independent) for reporting

I never thought about this solution. I will explore it and give you feedback.

I already have many data sources created (which are not in the Asset Manager). I tried, but I couldn't include those already created in the Asset Manager (i.e. I can only create a new asset, but I can't link it to the data sources already created). If I try to generate a new Data Source, I get (as expected) a conflict of IP addresses. Any suggestion?

0 Kudos
acommons
Level 10

Re: Group Log Sources by tag/type (receiver independent) for reporting

You can tag assets in the Asset Manager and then use these tags in the Source and Destination IP filters (and maybe others).

0 Kudos