We have a single indexer aggregating logs from our different teams: Server, Virtualization, Network, etc. Generally, our teams use different apps. Unfortunately, I have 2 virtualization teams, each with their own Search Head, that use the Server Virtualization App, but from different hosts.
I am trying to figure out how I could filter on the respective search heads automatically so that each team sees only their hosts' data. Since the app uses custom indexes and source-types, I don't see a way to do it at index time. Any suggestions? Can this be done at search time on the search head?