Enriched data

Naturally, when we talk about enriched data, we are talking about separating the isotopes of our data and storing them in secure storage, right? Nope! No weapons-grade data here! The term enriched data refers to adding extra context to raw data. Therefore, the data is then enriched. We will now cover event types, tags, and macros.

Event types

Event types are used to classify similar events into categories. Categorizing events is important because it can help you search through a large amount of data quickly, find patterns, or create specific alerts and searches. They are defined by users via the GUI or via the command line, or they are part of a prepackaged app. Event types can have permissions assigned to them so that only specific ...

Get Splunk Developer's Guide - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Splunk Developer's Guide - Second Edition by Kyle Smith

Enriched data

Event types

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly