I have an index with about a quarter million logs and growing.
Many logs are exactly the same except one field, i.e. (only an example):
reason: "permission denied",
Sometimes an identical event occurs on multiple hosts. How can I get from "What events happened on host A?" to "for each of those, what other hosts did they occur on?"
How do I view all identical events which occurred on more than X different hosts, and find out which hosts those were?