Follow these steps to define an event type and associated tag:
- Log in to your Splunk server.
- From the home launcher in the top right-hand corner, click on the Settings menu item and then click on the Event types link:
- Click on the New button.
- In the Destination App dropdown, select search. Enter HttpRequest-Success in the Name field. In the Search string text area, enter sourcetype=access_combined status=2*. In the Tag(s) field, enter webserver and then click on Save:
- The event type is now created. To verify that this worked, ...