Hey guys,
I wanted to add a common field to be able to make the log source panel fill out and have all my log sources. I built a custom pipeline that sets observer.name to host.name or agent.name, or leaves it alone if there is already an observer.name field.
I attached that pipeline to fleet.final and it runs well and does everything I ask.
The only weird thing is that logs specifically under the 'endpoint' module cannot be searched on that field, even though the field is present. It just comes back as no logs found. See below pics. I am currently just setting the field from within the fleet.final as a test but the behavior is the same.
I was hoping you could tell me what I am missing / doing wrong. Thank you!!

