Implementing Splunk - Second Edition by James D Miller, Vincent Bumgarner

Using event types to categorize results

An event type is essentially a simple search definition, with no pipes or commands.

To define an event type, first make a search. Let's search for the following:

sourcetype="impl_splunk_gen_SomeMoreLogs" logger=AuthClass

Let's say these events are login events. To make an event type, choose Settings and then Event types, as shown in the following screenshot:

[Screenshot: Using event types to categorize results]

This presents us with the Event types page, where we can view existing event types and, as we want to do here, create a new event type:

Image showing the Splunk Event ...
