Implementing Splunk: Big Data Reporting and Development for Operational Intelligence by Vincent Bumgarner

Using event types to categorize results

An event type is essentially a simple search definition, with no pipes or commands. To define an event type, first make a search. Let's search for:

sourcetype="impl_splunk_gen" logger="AuthClass"

Let's say these events are login events. To make an event type, choose Event type... from the Create menu, as shown here:

This presents us with a dialog, where we can assign a Name string and optionally any Tag(s) to this event type, as shown in the following screenshot:

Let's name our event type login.

We can now search ...
