Event types in Splunk are a way of categorizing common types of events in your data in order to make them easier to search and report on. One advantage of using event types is that they can assist in applying a common classification to similar events. Event types essentially turn chunks of search criteria into field/value pairs. Tags help you search groups of event data more efficiently and can be assigned to any field/value combination, including event types.
For example, Windows logon events could be given an event type of
windows_logon, Unix logon events could be given an event type of
unix_logon, and VPN logon events can be given an event type of
vpn_logon. We could then tag these three event types with a tag ...