Event types
An event type is a way to allow users to categorize similar events. It is a field defined by the
user. You can define an event type in several ways, and the easiest way is by using the
SplunkWeb interface.
One common reason for setting up an event type is to examine why a system has failed.
Logins are often problematic for systems, and a search for failed logins can help pinpoint
problems. For an interesting example of how to save a search on failed logins as an event
type, visit http://docs.splunk.com/Documentation/Splunk/6.1.3/Knowledge/ClassifyAndGroupSimilarEvents#Save_a_search_as_a_new_event_type.
Why are events and event types so important in Splunk? Because without events, there
would be nothing to search, of course. And event types allow us to make meaningful
searches easily and quickly according to our needs, as we'll see later.