A noob here, but I have a need that I cannot seem to figure out.
Due to some internal politics that are slow in getting resolved, I cannot get them to create an index by server OS or by AD OU. I am trying to filter on Windows Servers. I need to understand how to take a search that returns host names and then pipe them to a search for, say an EventID. The search that I start with is
(index=ucs) host=* (WLS_WMI MonitorName="OperatingSystem") Caption=*Server* | dedup host
Thanks in advance.
... View more