How can I remove hosts from sources?
I wanna remove
LogDNASample. How can I do so?
Unfortunately, once a source has been indexed, it will appear in the Sources filter list for a few days. From a security standpoint, a log aggregator should be append-only to ensure that someone who gets unintended access to your system cannot delete the logs that show their motions through the system, so we can’t remove data that’s already been ingested.
For the sample data specifically, since it’s a one-time ingestion, it will roll off your account and disappear from that dropdown within a few days. Any source that doesn’t have new ingestion with a few days disappears from the filter dropdowns.
You can create a view, however, that doesn’t show the sample data when you begin ingesting other data until the sample data rolls off. See Creating Views and use a search that includes either
-app:”LogDNA Sample App” or
-hostname:LogDNASample to create a view that doesn’t show the sample data.
I searched for this for ever. Thanks for the workaround, but this a bit confusing.