Hi.
Since i've been using Log insight I've made the field name for every parser unique. But is that really necessary? I can think of a use case where it would be great to not have the fields be unique. for example source ip in windows firewall, IIS-logs and NSX and so on. To be able to find a specific IP address in all thoose logs at the same time would be a huge gain. I guess I could just use text search for IP address without specifying a field but the i would get other hits as well.

So how are you doing it, unique field names or do you use the same names for fields?

Regards