Log Source Groups

You can categorize your log sources into groups to efficiently view and track your log sources. For example, you might group your log sources by functional purpose, physical location, or business unit association.

You can also use log source groups in searches and rules, instead of listing the log sources to which the search or rule applies.

You must have administrative access to create, edit, or delete groups. For more information about user roles, see the Juniper Secure Analytics Administration Guide.

Creating a Log Source Group

When you create log source groups, you can drag groups in the navigation tree to change the organization of the tree items.

  1. Click the Admin tab.

  2. In the Data Sources section, click Log Source Groups.

  3. From the navigation tree, select the group where you want to create a new group, and then click New Group.

  4. In the Group Properties window, enter a name and description. The name can be up to 255 characters in length and is case-sensitive. The description can be up to 255 characters in length.

  5. Click OK.

  6. To change the location of the new group, click the group and drag the folder to your chosen location in the navigation tree.

  7. To edit the group name or description, select the log source group and then click Edit.

Copying and Removing Log Sources

You can copy a log source to one or more groups to suit your organizational needs. When you no longer need a log source in a particular group, you can remove it. Removing a log source from a group does not delete the log source from JSA.

  1. Click the Admin tab.

  2. In the Data Sources section, click Log Source Groups.

  3. From the navigation tree, select the relevant log source group.

  4. To copy the log source, complete the following steps:

    1. In the Group Content window, select the relevant log source and click Copy.

    2. In the Choose Group window, select the group that you want to copy the log source to, and click Assign Groups.

  5. To remove the log source, complete the following steps:

    1. In the Group Content window, select the relevant log source and click Remove.

    2. In the Confirmation window, click OK.

Removing a Log Source Group

You can remove a log source group that contains log sources. If any content, such as rules or saved searches, depends on the log source group, the group cannot be deleted.

Removing a log source group does not delete the log sources from JSA.

  1. Click the Admin tab.

  2. In the Data Sources section, click Log Source Groups.

  3. From the navigation tree, select the group that contains the group you want to remove.

  4. In the Group Content window, select the group and click Remove.

  5. If the log source group has no dependents, in the Confirm Deletion window, click Delete.

  6. If the log source group has dependents, complete the following steps:

    1. In the Found Dependents window, click View.

    2. Delete or edit the dependents so that they do not reference the log source group. Perform these actions in the relevant areas of JSA.

    3. In the Unable to delete one or more items window, click Cancel.

    4. Return to step 4.