- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to troubleshoot tagging process?
I developed my first app and am trying to integrate it into CIM using the documentations.
so far I Successfuly defined an eventtype in eventtype.conf
[my_event_type]
search = sourcetype=my_source
and when I search for this event type I get all the results:
eventtype=my_event_type
Now I continue to define tags, using this guide
My tags.conf file looks like this:
[eventtype=my_event_type]
alert = enabled
But nothing is returned when I search for:
tag=alert
Moreover when I search for all types of tags I get only one type "error" and it's count is significantly less then the eventtype amount:
sourcetype=my_source | stats count by tag
In the guide it says "Once you have tagged an event type, you can search for it in the search bar" but I can't search for the tags.
How can I troubleshoot the process?
What should I look for?
What am I missing?
thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
solved the issue. it had to do with permissions. tag should have global permissions for search app to recognize it
