Solved: Is it possible to define eventtypes or tags direct...

HeinzWaescher · ‎05-28-2015

Hi,

is it possible to define eventtypes or tag directly to search results, so that the selected timerange is used as well as a condition?

I think it can be done by using the this kind of search string in the eventtype manager:

sourcetype=ABC eventname=error AND _time>1432684800 AND _time<1432771200

But the described scenario above would be much easier to handle.

BR

Heinz

gabec09 · ‎05-28-2015

For eventtypes, I have been doing exactly what you are describing with no issues. I use this for my time range as it is a bit easier on the eyes.

host=myhost1 sourcetype=Source1  earliest="05/28/2015:08:00:00" latest="05/28/2015:12:00:00"

gabec09 · ‎05-28-2015

For eventtypes, I have been doing exactly what you are describing with no issues. I use this for my time range as it is a bit easier on the eyes.

host=myhost1 sourcetype=Source1  earliest="05/28/2015:08:00:00" latest="05/28/2015:12:00:00"

HeinzWaescher · ‎05-29-2015

Thanks, using these time formats is a good point!

Is it possible to define eventtypes or tags directly to search results so the selected time range is used as a condition as well?