tag

noun

A knowledge object that enables you to efficiently search for events that contain particular field values. You can assign one or more tags to any field/value combination, including event types, hosts, sources, and source types.

Tags enable you to:

• Track abstract field values like IP addresses or ID numbers. For example, you could have a number of field values related to your home office, including an IP address such as 192.168.1.2. You could tag these values "homeoffice" and then search on tag=homeoffice to find all the events with field values that have the homeoffice tag.
• Group sets of related field values together. If you have two hosts that relate to the same computer, give them the same tag so you can search on events coming from both hosts with that tag.
• Give extracted fields multiple tags that reflect different aspects of their identity. This enables you to create tag-based searches that use boolean operators to narrow down on specific event sets.

For more information

In the User Manual:

• Tag and alias field values

In the Knowledge Manager Manual:

• About tags and aliases

• Alphabetical
• By Topic