Some other interesting features of tags are as follows:
• Tags can be searched globally simply by using tag=tag_name; in this case,
tag=admin. Using this capability, you can apply any tag to any field or
event type, and simply search for the tag. This is commonly used in security
applications to tag hosts, users, and event types that need special monitoring.
• Any field or event type can have any number of tags. Simply choose the tag
editor and enter multiple tag values separated by spaces.
• To remove a tag, simply edit the tags again and remove the value(s) you
want to remove.
• Tags can also be edited in Manager at Manager | Tags.
Using event types to categorize results
An event type is essentially a simple search definition, with no pipes or commands.
To define an event type, first make a search. Let's search for:
sourcetype="impl_splunk_gen" logger="AuthClass"
Let's say these events are login events. To make an event type, choose Event type...
from the Create menu, as shown here:
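For reference, event types and tags created through the UI are stored as stanzas in eventtypes.conf and tags.conf. The following is an added example, not part of the original text; the event type name login, the tag authentication, and the user value jsmith are assumed for illustration.

```ini
# eventtypes.conf
# The stanza name is the event type name ("login" is an assumed name).
# The search is the one from the text: no pipes, no commands.
[login]
search = sourcetype="impl_splunk_gen" logger="AuthClass"

# tags.conf
# Each stanza is field=value; each line under it enables one tag.
# Tag the event type itself (eventtype is just another field).
[eventtype=login]
authentication = enabled

# Tag a specific user for special monitoring
# (jsmith is a constructed sample value).
[user=jsmith]
admin = enabled

# Searches that use these definitions:
#   eventtype=login                    events matching the saved search
#   tag=admin                          any event where any field carries the admin tag
#   tag::user=admin                    only events where the user field carries it
#   eventtype=login tag::user=admin    login events for tagged users
```

The global form tag=admin matches the tag on any field, so when the same tag name is applied to hosts as well as users, the tag::user=admin form keeps a monitoring search scoped to the field you intend.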
 