I have almost 19 different indexes, which were already mentioned in my inputs.conf file. But today I came to know that the source types are not the same for the same log files, which are indexed daily in real time. But I had always performed the search with a single source type and created an email alert notification with it. Because different source types are present in my log files, a lot of errors are not coming up in my search result and I missed those errors.
Can anyone help me out with this problem: how can I combine all source types in a single search result, extract my important fields which will be present in all source types, and create a complete search result?
Please mention the link also, if you have one.
I have already tried your mentioned search and it's working properly.
But in my case I want to write a dynamic search only for source types, so that I can monitor every source type very easily.
Can you help me on this matter?
You should try with sourcetype=* as well, and also add one of the common fields into the search as your_field=* so that it gets only those events which have this field. Hope this helps, and please feel free to vote and accept the answer.
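One way to write the dynamic search the answer above describes, as an added example that is not from the original thread. The index name my_index, the common field error_code and the 15-minute alert window are placeholders assumed for illustration; the search does not name any source type, so new source types are picked up automatically as long as the common field is extracted from them.

```spl
index=my_index sourcetype=* error_code=* earliest=-15m
| stats count AS error_count, dc(sourcetype) AS sourcetype_count, values(sourcetype) AS sourcetypes BY error_code
| sort - error_count
```

Scheduling this as the alert search reports every error_code value together with the list of source types it came from, so a newly appearing source type shows up in the result instead of being silently skipped. To confirm which source types are arriving in the index at all, a separate search of | tstats count where index=my_index by sourcetype lists them.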
I have already tried this search. It's working, but my concern is that my source types are not static. Data is indexed into any source type randomly, so I need a dynamic search for source type which will get all the source types.
Could you please give me a dynamic search for different source types?