I have almost 19 different indexes, which are already mentioned in my inputs.conf file. But today I got to know that the source types are not the same for the same log files, which are being indexed daily in the real-time format. But I have always performed the search with a single source type and created an email alert notification with it. Because different source types are present in my log files, a lot of errors are not coming up in my search result and I missed those errors.
Can anyone help me with this problem: how can I combine all source types in a single search result, extract my important fields which will be present in all source types, and create a complete search result?
Please also mention the link if you have one.
Hi @saibal6,
What about
index=<your index> (sourcetype="sourcetypeA" OR sourcetype="sourcetypeB" OR sourcetype="sourcetypeC" OR .....) | fields <your important fields>
Hi @renjith.nair,
I have already tried with your mentioned search and it's working properly.
But in my case I want to write a dynamic search result only for source types, so that I can monitor every source type very easily.
Can you help me on this matter?
How did you solve this?
Hi @tokio13
You're responding to an old thread. Some of the original contributors might not even be using community forums anymore. You'd gain more visibility if you posted a new thread with a description of your problem.
If the partial solutions presented here are relevant to your case you might include a link to this thread for reference.
Hi @saibal6,
You shall try with sourcetype=* as well and also add one of the common fields into the search as your_field=* so that it gets only those events which have this field. Hope this helps, and please feel free to vote and accept the answer.
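The wildcard approach from the answer above, carried one step further so each source type can be monitored separately; this is an added example, not part of the original thread. `<your index>` and `your_field` are the thread's placeholders, and the output column names (`events`, `sources`, `last_seen`) are chosen here for illustration.

```spl
index=<your index> sourcetype=* your_field=*
| stats count AS events, dc(source) AS sources, latest(_time) AS last_seen BY index, sourcetype
| convert ctime(last_seen)
| sort - events
```

Because no source type is named, a source type that starts receiving data later appears as a new row without the search being edited.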
Hi @renjith.nair,
I have already tried with this search result. It's working, but my concern is that my source types are not static. Data is indexed in any source type randomly, so I need a dynamic search result for source type which will get all the source types.
Could you please give me any dynamic search result for different source types?
Can you post two of your searches?