Source Groups

Source Groups allow you to limit your searches to specific groups of related logs. You can limit your search based on the development environments you monitor, the clients you support, or the applications you own.

You can create an unlimited number of source groups to search log data from a combination of host names, application names, or custom Tags. Hosts, applications, and tags are available in Linux Syslog logs. Tags are also located in logs sent through an HTTP/S Event Endpoint.

Configure a source group

Setup Source Group

Open the Source Groups page using one of the following methods:

• In the navigation menu, click Source Setup > Source Groups. Click Add New.

  

• In the Search or Charts pages, click the source group drop-down menu and select Create Source Groups.

  

Define Source Group

1. Enter a name and description for your source group in the Add Source Group page.

   

2. Enter the Syslog Host, HTTP Client Host, Syslog Application, or Tag information in the corresponding field to define the sources you would like to include in your source group. You can add multiple values to a single field, which allows all sources defined in that source type's field to be included. You can also define source values in more than one field, which limits the sources to only those that fit both source type definitions.

   For example, if you build a source group with httpd in the Application box and frontend01 and frontend02 in the Syslog Host box, a search using the source group would only show you only httpd logs from both frontend01 and frontend02. The equivalent query for this is syslog.appName:httpd AND (syslog.host:frontend01 OR syslog.host:frontend02).

3. Click Save.

Source groups, once configured, are available to all users in your account. If you select a source group during a search, the search results will be restricted to the logs from the selected source group. Only one source group can be applied per search query.