Create groups of hosts/users for splitting averages into areas with different use cases

Hi team,

For large organisations or any company with a split of areas and use cases (applications used, connection method, VIP, etc.), for the hundreds of users we can have at one time it would be really useful to group hosts and users together so one area's stats don't skew another area's. Without this option we could easily lose context and meaning to 'Average' and 'Total' information across UberAgent.

I don't have an actual idea and UI in mind for achieving it but hopefully the idea makes enough sense to explore or, like previous requests, it's already in the pipeline/done! :)

Many thanks

Andy

5 comments

  • Timm Brochhaus Official comment

    Hi Andy, 

    There are different concepts to implement the feature you are interested in.

    You could configure multiple indexes to split the incoming data on a per-host level. Or you can create your own dashboard in combination with custom lookup tables in Splunk. 

    You will find more detailed information here: https://support.uberagent.com/hc/en-us/articles/203440251-How-to-Separate-Data-from-Different-Types-of-Machines

    Regards, Timm

  • Andy Howat

    Hi Timm, 

    Thanks for the quick response. I've reviewed the links and sadly, I'm not sure these methods are appropriate for us. Ideally it would be possible to list hosts and users in a group name and be able to filter on that, keeping it all in the same instance and index.

    I'll see if there's anything else I can do with the existing tools available. 

    Is there much scope for UA to offer something solely in the UI? 

  • Andy Howat

    Hi again,

    Looking at the AD OU and Host 'Filter Fields' we could do something with these if the 'Filter Expression' accepted strings for multiple values:

    Filter Field: Host
    Filter Expression: LAPTOP1, LAPTOP2, DESKTOP5

    Is this feasible or perhaps already possible and I'm doing it wrong?

    Many thanks
    Andy :)

  • Timm Brochhaus

    Hello Andy,

    I assume that using one or more Splunk lookup tables in conjunction with your own Splunk Search Head app would meet your requirements in terms of filtering data (without changing the raw data / Splunk index).

    Your second post on how to combine multiple values within one filter expression is covered in the following post: https://support.uberagent.com/hc/en-us/community/posts/207340565-Filter-on-multiple-hostnames

    Regards, Timm

  • Andy Howat

    Great, thank you. I was only searching 'Filter Expressions' and didn't come across that link. That certainly helps.

    Thanks again

    Andy
