Currently, we have indexes configured for prod, qa and dev. However, we have no way to filter data by the application/service other than using the source type and/or hostname.
Is there a way to tag the data by application rather than creating manual queries within a dashboard?
Many thanks in advance.
As @adonio mentioned, tagging is a valid option. You could also create a lookup file with a mapping of sourcetypes to applications. It may be easier to manage this if you have the Lookup File Editor app installed.
Lookups: https://docs.splunk.com/Documentation/Splunk/7.2.4/Knowledge/ConfigureCSVlookups
Lookup File Editor: https://splunkbase.splunk.com/app/1724/
Well, you did mention tag in your question, maybe give it a shot:
https://docs.splunk.com/Documentation/Splunk/7.2.4/Knowledge/Abouttagsandaliases
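The two approaches suggested in this thread (a sourcetype-to-application lookup and tags), sketched as an added example that is not from any of the posters. The lookup name `app_by_sourcetype`, the `application` field, the application names and the sourcetype rows are assumptions to be replaced with your own values.

```ini
# --- lookups/app_by_sourcetype.csv (constructed sample rows) ---
#   sourcetype,application
#   access_combined,webshop
#   log4j,webshop
#   payments:api,payments

# --- transforms.conf: define the lookup over the CSV file ---
[app_by_sourcetype]
filename = app_by_sourcetype.csv
# Optional: allow wildcard rows such as "payments:*" in the CSV
match_type = WILDCARD(sourcetype)

# --- props.conf: automatic lookup, one stanza per sourcetype ---
# Adds an "application" field at search time, so no dashboard query
# needs to spell out the sourcetype list.
[access_combined]
LOOKUP-application = app_by_sourcetype sourcetype OUTPUT application

[log4j]
LOOKUP-application = app_by_sourcetype sourcetype OUTPUT application

# --- tags.conf: the tagging alternative (field=value pairs get a tag) ---
[sourcetype=access_combined]
webshop = enabled

[sourcetype=log4j]
webshop = enabled

# --- Searches that work across the prod, qa and dev indexes ---
#   index=prod application=webshop
#   index=qa tag=webshop
#   index=dev | lookup app_by_sourcetype sourcetype OUTPUT application
#             | stats count by application
```

With the lookup, adding a new service is a one-row change to the CSV (which the Lookup File Editor can manage); with tags, each new sourcetype needs its own `tags.conf` stanza.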