How can I index logs from different source types in the same index?
Let's say Network ABC has one AD and one Firewall. Now I want to create an index ABC and want to index logs from both different hosts in ABC instead of two different indexes for each host.
That's the idea - to have an index with multiple sourcetypes ;-)
A bit more complex situation ...
For example -
[monitor:///var/log/app/\w+.log*]
sourcetype = log4j
index = main
[monitor:///var/log/app/\w+-(web|req).log*]
sourcetype = access_common
index = main
[monitor:///var/log/app/\w+-billing.log*]
sourcetype = custom_billing
index = billing
It's from how to assign index and sourcetype to multiple different file types that live in the same directory
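To check how stanzas like the ones quoted above route files before deploying them, here is an added Python checker (not code from the answer or from Splunk). It assumes the file-name part of each monitor path is interpreted as a regex and that the trailing `*` is a wildcard; verify that against the Splunk docs for your version.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed copy of the inputs.conf stanzas quoted in the answer above.
INPUTS_CONF = r"""
[monitor:///var/log/app/\w+.log*]
sourcetype = log4j
index = main
[monitor:///var/log/app/\w+-(web|req).log*]
sourcetype = access_common
index = main
[monitor:///var/log/app/\w+-billing.log*]
sourcetype = custom_billing
index = billing
"""

@dataclass
class Stanza:
    pattern: str      # path exactly as written in the [monitor://...] header
    sourcetype: str
    index: str

def parse_inputs(text: str) -> list[Stanza]:
    """Parse [monitor://...] stanzas and their sourcetype/index keys."""
    stanzas, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[monitor://(.+)\]", line)
        if header:
            current = {"pattern": header.group(1)}
            stanzas.append(current)
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    # Splunk writes to the main index when a stanza sets no index.
    return [Stanza(s["pattern"], s.get("sourcetype", ""), s.get("index", "main"))
            for s in stanzas]

def to_regex(pattern: str) -> re.Pattern:
    """Assumption: the path is a regex; a trailing '*' is a wildcard (.*)."""
    if pattern.endswith("*"):
        pattern = pattern[:-1] + ".*"
    return re.compile(pattern)

def route(stanzas: list[Stanza], path: str) -> list[tuple[str, str]]:
    """Every (sourcetype, index) pair whose stanza matches the full path."""
    return [(s.sourcetype, s.index) for s in stanzas
            if to_regex(s.pattern).fullmatch(path)]

def unrouted_or_ambiguous(stanzas: list[Stanza], paths: list[str]) -> dict:
    """Paths that no stanza picks up, or that more than one stanza claims."""
    return {p: route(stanzas, p) for p in paths if len(route(stanzas, p)) != 1}
```

Because `\w+` does not match a hyphen, the three quoted patterns do not overlap: `server.log` lands only in log4j/main, `server-web.log` only in access_common/main, and `shop-billing.log` only in custom_billing/billing.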