It would be nice to assign event types to host variables.
For example: I have an event called syslog, which querries my syslog logs in my filebeat index. As this is linux only, I would like to "assign where match ("linux",host.vars.os). So every != linux host won't have this event selectable.
It would be nice to assign event types to host variables. For example: I have an event called syslog, which querries my syslog logs in my filebeat index. As this is linux only, I would like to "assign where match ("linux",host.vars.os). So every != linux host won't have this event selectable.