Hi,
I'm trying to create tags based on two fields that I have in my logs.
1- sourcetype
2- path
The idea is that when we search with the tag, it shows results when both criteria are matched.
So let's say we have this log:
Mon Feb 16 15:20:21 2015 action=add, path="C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\LogFiles\ReportServerService__02_16_2015_00_07_46.log", isdir=0, size=92834, gid=-1, uid=-1, modtime="Mon Feb 16 15:18:28 2015", mode="rwxrwxrwx", hash=
We want the tag to be shown when the sourcetype is File_Intergrity_Monitor in this case, and the path is something inside "C:\Program Files\Microsoft SQL\*".
Can this be done?
I'm trying, but at the moment if I create the tag it will match the sourcetype only and not the path field.
Thanks
Create an eventtype for this, and associate the tag with that eventtype. You can do this via the GUI, or via config files.
eventtypes.conf
[myevent]
search = index=myindex sourcetype=File_Intergrity_Monitor path="C:\Program Files\Microsoft SQL\*"
tags.conf
[eventtype=myevent]
mytagname = enabled
mytagname2 = enabled
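The logic of the answer above, modelled in Python as an added example (not part of the original answer and not Splunk's implementation): the tag hangs off the eventtype, so it appears only when every condition in the eventtype's search matches. Assumptions: `*` is the only wildcard, backslashes are literal, and comparison ignores case; `EVENT_A`, `OTHER` and the `WIDER` pattern are constructed for illustration.

```python
import re

# Model of the answer's two stanzas: an eventtype is a conjunction of field
# conditions, and tags.conf attaches tags to the eventtype, not to a field.
EVENTTYPES = {"myevent": {"index": "myindex",
                          "sourcetype": "File_Intergrity_Monitor",
                          "path": r"C:\Program Files\Microsoft SQL\*"}}
TAGS = {"myevent": ["mytagname", "mytagname2"]}
# Hypothetical variant: wildcard directly after "SQL", no backslash before it.
WIDER = {"myevent": dict(EVENTTYPES["myevent"],
                         path=r"C:\Program Files\Microsoft SQL*")}

FIM = {"index": "myindex", "sourcetype": "File_Intergrity_Monitor"}
OTHER = {"index": "myindex", "sourcetype": "WinEventLog"}  # constructed

# Constructed event whose path sits under the directory named in the search.
EVENT_A = r'action=add, path="C:\Program Files\Microsoft SQL\data\x.log", isdir=0'
# Shortened copy of the event in the question (directory "Microsoft SQL Server").
EVENT_Q = (r'action=add, path="C:\Program Files\Microsoft SQL Server'
           r'\MSRS10_50.MSSQLSERVER\Reporting Services\LogFiles'
           r'\ReportServerService__02_16_2015_00_07_46.log", isdir=0, size=92834')

def fields(raw):
    """Extract key=value and key="quoted value" pairs from a raw event."""
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]*))', raw)
    return {key: quoted or bare for key, quoted, bare in pairs}

def wildcard_match(pattern, value):
    """Assumed semantics: '*' matches any run of characters, case-insensitive."""
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, value, re.IGNORECASE) is not None

def tags_for(meta, raw, eventtypes=EVENTTYPES):
    """Return the tags of every eventtype whose conditions ALL match the event."""
    event = {**fields(raw), **meta}
    tags = []
    for name, conds in eventtypes.items():
        if all(k in event and wildcard_match(p, event[k]) for k, p in conds.items()):
            tags += TAGS.get(name, [])
    return tags

if __name__ == "__main__":
    for label, meta, raw, ets in [("A/FIM", FIM, EVENT_A, EVENTTYPES),
                                  ("A/other", OTHER, EVENT_A, EVENTTYPES),
                                  ("Q/FIM", FIM, EVENT_Q, EVENTTYPES),
                                  ("Q/FIM wider", FIM, EVENT_Q, WIDER)]:
        print(label, tags_for(meta, raw, ets))
```

In this model the shortened event from the question is not tagged under the path pattern as written, because its directory is "Microsoft SQL Server" rather than "Microsoft SQL"; the `WIDER` variant tags it.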
Thanks,
We created the eventtype based on the search and did the match based on that eventtype.
Thanks again