Events from our DEV/PROD servers are ingested into the same index. This index already has events going back 1 year.
The only way to distinguish the dev and prod events is if the host contains DEV or Prod in this value.
How can I tag the events based on the host value that contains a condition?
Thank you
You first set an eventtype with a name like dev_hosts and set it equal to host IN("foo*", "*-dev-*", "*etc") and then create a tag with a name of dev_hosts set to eventtype=dev_hosts.
Can you please list the steps to achieve what you suggested?
Settings -> Event types -> New Event Type. Be sure to set the Tag(s) settings.
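The event type and tag described in the answers above, written as the configuration files those UI steps produce. This is an added example, not part of the original posts. The dev pattern is the one given in the answer; the prod_hosts stanza, its "*prod*" pattern and the <your_app> and <your_index> placeholders are assumptions to adapt. Event types and tags are applied at search time, so they also cover the events already in the index.

```ini
# $SPLUNK_HOME/etc/apps/<your_app>/local/eventtypes.conf
# <your_app> is a placeholder for the app that should own these objects.

# Pattern taken from the answer above.
[dev_hosts]
search = host IN ("foo*", "*-dev-*", "*etc")

# Assumed counterpart for production hosts (hypothetical name and pattern).
[prod_hosts]
search = host="*prod*"


# $SPLUNK_HOME/etc/apps/<your_app>/local/tags.conf

# Attach a tag to every event that matches the event type.
[eventtype=dev_hosts]
dev_hosts = enabled

[eventtype=prod_hosts]
prod_hosts = enabled

# Search by tag once the objects are saved (index name is a placeholder):
#   index=<your_index> tag=dev_hosts
#   index=<your_index> tag=prod_hosts
```

Check the sharing permissions on both objects, since a private event type or tag is only visible to the user who created it.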