3 Replies Latest reply on Nov 2, 2016 4:57 AM by rcar

    Group Log Sources by tag/type (receiver independent) for reporting

    rcar

      Hi all,

       

      I need to group several log sources (syslog) from different receivers to generate a customized report.

      The "Device Type Summary" view already available would be a good solution but it doesn't fit since I have my own customized grouping requirements (for instance Vendor or Product).

      • I thought about using "User Defined data source entries" but even if i want to use it, i have more than 10 different groups so it wouldn't work also.
      • I tried to create a customized "Display" but it doesn't work also because i can't filter by Vendor or Product.

       

      Any suggestion is appreciated