How can I use source category?

Comments

3 comments

  • Mario Sanchez
    Rok,

    This is the bread and butter of how you want to create your searches, build dashboards, etc. To use Source Category in your query, simply reference it like this:

        _sourceCategory=prod/Apache/Access

    Good news is that you can use wildcards as well, so for example:

        _sourceCategory=prod/Apache/* and "127.3.56.7"

    would return all log messages from both Apache Access and Apache Error that contain the IP address 127.3.56.7.

    Hope this helps!

    Cheers,
    Mario
  • Rok Carl
    I see that my question wasn't clear about what I'd like to achieve. I know how to use the source category in searches and filtering. What I don't know is how to put the source category in the results. For example, let's say I have two source categories: apache/customer1 and apache/customer2 and I want to count the number of requests per customer. The end result would be the following:

        apache/customer1 1645
        apache/customer2 5801
  • Mario Sanchez
    Apologies for the misunderstanding. =) _sourceCategory is a field you can use like any other parsed field. In your case, your query would have a line like this:

        | count requests by _sourceCategory

    Cheers,
    Mario