Adding a log source parsing order

You can assign a priority order for when the events are parsed by the target event collector.

About this task

You can order the importance of the log sources by defining the parsing order for log sources that share a common IP address or host name. Defining the parsing order for log sources ensures that certain log sources are parsed in a specific order, regardless of changes to the log source configuration. The parsing order ensures that system performance is not affected by changes to log source configuration by preventing unnecessary parsing. The parsing order ensures that low-level event sources are not parsed for events before more important log source.

Procedure

  1. Click the Admin tab.
  2. Click the Log Source Parsing Ordering icon.
  3. Select a log source.
  4. Optional: From the Selected Event Collector list, select the Event Collector to define the log source parsing order.
  5. Optional: From the Log Source Host list, select a log source.
  6. Prioritize the log source parsing order.
  7. Click Save.