Source Groups allow you to limit your searches to specific groups of related logs. Many Loggly customers use Source Groups to segment their development, staging, and production environments. For example, you may care if response time is slow in production but not staging or development. Other customers, such as consulting firms or gaming companies, create Source Groups for each of their clients or applications. With Loggly, you can create an unlimited number of Source Groups; they can either be unique or overlapping. You can make them based on host names, application names, or your own tags.
How To Video
Source Groups provide a flexible method of segmenting your log data. They’re flexible because they can be created on the fly from a range of criteria.
In order to set up a Source Group, visit the Source Setup section:
Each value within a given box is ORed together, and the contents of the boxes are ANDed together. For example, if you build a source group with “httpd” in the Application box and “frontend01” and “frontend02” in the hosts box, it would only show you httpd logs from frontend01 or frontend02. The equivalent query for this is “syslog.appName:httpd AND (syslog.host:frontend01 OR syslog.host:frontend02)”.
Source Groups, once configured, are available to all users of the same account. A Source Group can be selected during a search which will provide a means to narrow down the search before it’s even begun. For example, you may want to have a Source Group that only includes systems that run production applications. Or, you may want to narrow your search to your cluster of Apache servers. Only one Source Group can be applied per search query.