We have 10 different sites and I would like to create a group for each site.
For example, I want to add SITE-A devices in SITE-A group and SITE-B devices in SITE-B group to be visible.
Please help, thanks!
One way to do this is to create an automatic lookup. The structure of the CSV would be like so:
host, group
host1, group1
host2, group1
host3, group1
host4, group2
host5, group3
With an automatic lookup, every time you search on a sourcetype, the "group" field will be automatically added to every event.
Hope this helps
I need to identify 192.168.100.1 as Texas_Firewall and 192.168.200.1 as California_Firewall.
This is what I am trying to accomplish.
And later if in future there are more firewalls in Texas I can simply add them to the Texas_Firewall group or whatever it is.
I am also not quite sure how I can write the query at this point, but I need to accomplish the first task first.
All the best
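The automatic lookup suggested in the answer, applied to the two firewall addresses from the follow-up, as an added example that is not part of the original posts. The lookup name `firewall_groups`, the file name `firewall_groups.csv` and the sourcetype `your_sourcetype` are placeholders, and the example assumes the firewall address arrives in the event's `host` field.

```ini
# --- lookups/firewall_groups.csv (constructed sample) ---
# One row per device; devices that share a group value form one group.
#   host,group
#   192.168.100.1,Texas_Firewall
#   192.168.200.1,California_Firewall

# --- transforms.conf ---
# Defines the lookup table and points it at the CSV file above.
[firewall_groups]
filename = firewall_groups.csv

# --- props.conf ---
# Runs the lookup automatically for every event of this sourcetype:
# match the event's "host" against the CSV "host" column and add "group".
# Replace your_sourcetype with the sourcetype of the firewall logs.
[your_sourcetype]
LOOKUP-firewall_group = firewall_groups host OUTPUT group
```

Adding another Texas firewall later means appending one more row with `Texas_Firewall` in the `group` column; searches can then filter or aggregate on `group` (for example `group=Texas_Firewall`) without listing individual addresses.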