You can define a data set to provide users access to specific content.

Prerequisites

Verify that you are logged in to the VMware Aria Operations for Logs web user interface as a Super Admin user, or a user associated with a role that has the Access control permission with Edit access level. The URL format of the web user interface is https://operations-for-logs-host, where operations-for-logs-host is the IP address or host name of the VMware Aria Operations for Logs virtual appliance.

Procedure

  1. Expand the main menu and navigate to Management > Access Control.
  2. Click Data Sets.
  3. Click New Data Set.
  4. Enter a name and description for the data set.
  5. Click Add Filter.
    Tip: The This data set restricts other data sets check box determines how a data set should behave when combined with other data sets. For example, you have two data sets:
    Data set 1:
    hostname contains "host"
    appname contains "app"
    Data set 2:
    severity contains "error"
    If both of these data sets are added to a role, the resulting combined data set would be:
    (hostname contains "host" AND appname contains "app") OR (severity contains "error")
    However, if you select the This data set restricts other data sets check box for data set 2, the combined data set would be:
    (hostname contains "host" AND appname contains "app") AND (severity contains "error")
  6. Use the first drop-down menu to select a field defined within VMware Aria Operations for Logs to filter on.
    For example, hostname.
    The list contains static fields only and excludes fields that are extracted, user shared, and fields created through event_type filters.
    Note: Numeric fields contain the additional operators =, >, <, >=, and <=, which string fields do not. These operators perform numeric comparisons. Using them yields different results than using string operators. For example, the filter response_time = 02 matches an event that contains a response_time field with a value of 2. The filter response_time contains 02 does not have the same match.
  7. Use the second drop-down menu to select the operation to apply to the field selected in the first drop-down menu.
    For example, select contains. The contains filter matches full tokens: searching for the string err does not result in error as a match.
  8. In the filter box to the right of the filter drop-down menu, enter the value that you want to use as a filter.
    You can use multiple values. The operator between these values is OR. If you are using the _index field in one of the filters, the operator is AND.
    Note: The box is not available if you select the exists operator in the second drop-down menu.
  9. (Optional) To add more filters, click Add Filter.
  10. (Optional) To verify that the filter behavior is what you want, click Run in Explore Logs page, which opens an Explore Logs window with data that matches your filters.
  11. Click Save.
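
The combination rule from the tip in step 5, together with the full-token and numeric matching described in steps 6 to 8, as a small Python model run over constructed events. This is an added example, not VMware code: the tokenizer, the handling of a role that holds only restricting data sets, and all function and class names are assumptions.

```python
import re
from dataclasses import dataclass

def tokens(value):
    # Assumption: a token is a run of letters, digits or underscores.
    return set(re.findall(r"\w+", str(value).lower()))

def contains(field, *values):
    # Full-token match; several values in one filter are ORed (step 8).
    return lambda ev: field in ev and any(v.lower() in tokens(ev[field]) for v in values)

def num_eq(field, value):
    # Numeric "=" compares numbers, so "02" equals 2 (note in step 6).
    return lambda ev: field in ev and float(ev[field]) == float(value)

@dataclass
class DataSet:
    filters: list            # filters inside one data set are ANDed
    restricts: bool = False  # "This data set restricts other data sets"

    def matches(self, ev):
        return all(f(ev) for f in self.filters)

def role_can_see(ev, datasets):
    open_sets = [d for d in datasets if not d.restricts]
    limiting = [d for d in datasets if d.restricts]
    # Non-restricting sets are ORed; every restricting set must also match.
    # Assumption: a role holding only restricting sets sees their intersection.
    allowed = any(d.matches(ev) for d in open_sets) if open_sets else bool(limiting)
    return allowed and all(d.matches(ev) for d in limiting)

def visible(events, datasets):
    return [i for i, ev in enumerate(events) if role_can_see(ev, datasets)]

# Constructed sample events, not real log data.
EVENTS = [
    {"hostname": "host-01", "appname": "app-web", "severity": "info"},
    {"hostname": "host-02", "appname": "app-db", "severity": "error"},
    {"hostname": "db-03", "appname": "backup", "severity": "error"},
    {"hostname": "db-04", "appname": "backup", "severity": "errors"},
]

def data_sets(restrict_second):
    one = DataSet([contains("hostname", "host"), contains("appname", "app")])
    two = DataSet([contains("severity", "error")], restricts=restrict_second)
    return [one, two]

if __name__ == "__main__":
    print("OR  :", visible(EVENTS, data_sets(False)))
    print("AND :", visible(EVENTS, data_sets(True)))
```

With the check box cleared, the role sees events 0, 1 and 2; with it selected for data set 2, only event 1 remains. Adding a non-restricting data set to a role therefore widens what its users can read, which is worth confirming with Run in Explore Logs page before saving.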

What to do next

Associate a data set with a user role. See Create and Modify Roles.