Get full access to Implementing Splunk 7 - Third Edition and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

Save As Event Type

Event types are a categorization system to help you make sense of your user-defined data fields. It simplifies searches by letting you categorize events. Event types let you classify events that have common characteristics. When your search results come back, they're checked against known event types. An event type is applied to an event at search time if that event matches the event type definition.

The simplest way to create a new event type is through Splunk Web. After you run a search that would make a good event type, click on Save As and select Event Type. This opens the Save as Event Type dialog, where you can provide the event type name and optionally apply tags to it:

Get Implementing Splunk 7 - Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Get it now

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Start your free trial Become a member now