I need to group several log sources (syslog) from different receivers to generate a customized report.
The "Device Type Summary" view already available would be a good solution but it doesn't fit since I have my own customized grouping requirements (for instance Vendor or Product).
Any suggestion is appreciated.
Maybe you should try Zone filtering (beforehand you have to create the Zone and assign the data source to it).
I already have many data sources created (which are not in the Asset Manager). I tried, but I couldn't include those already created in the Asset Manager (i.e. I can only create a new asset, but I can't link it to the data sources already created). If I try to generate a new Data Source, I get (as expected) a conflict of IP addresses. Any suggestion?
You can tag assets in the Asset Manager and then use these tags in the Source and Destination IP filters (and maybe others).