|
I have been tagging hosts to aid in searching by environment, service, sub-service I would like to make a dashboard widget that lists all the services for a particular environment. Is there a search query i can use to dynamically list all tags in the system or app? |
|
This will do it: If you need to drill down, you should be able to modify the standard dashboard a bit, just to select the right field name(s). BTW, and maybe this is too late for you to consider, but I would strongly recommend for this purpose that you consider a lookup table (with a lookup on Are you suggesting the lookup table approach specifically because he's hitting metadata, as opposed to raw results? If searching against actual events, wouldn't there be a (possibly severe) performance penalty?
(18 Sep '10, 03:56)
southeringtonp ♦
It would be no worse and probably better to use lookup tables than tags.
(18 Sep '10, 09:09)
gkanapathy ♦
Thank you. Tags seemed more natural to me and i understand them already. I'll investigate the lookup table. I suspect lookup tables would be cached in RAM for it to be speedy. I can see how exporting "tag" type info from another system would be easier with a lookup table.
(20 Sep '10, 16:04)
gfriedmann
|
I think i got a little closer with |metadata type=hosts | fields host| tags| search tag::host=*| fields - host
If that is closer, now i need to figure out how to breakup the multiline, dedupe, and make the drill-down work. I'm hoping there is an easy query i'm missing.