Documentation > Splunk > Admin Manual > Save event types via SplunkWeb

Admin Manual

 


Getting Started
How Splunk Works
Configuring a Splunk Deployment
Data Inputs
Hosts
Source Types
Timestamp Recognition
Events
Event Types
Meta Events
Fields
Segmentation
Saved Searches and Alerts
Authentication
Granular Access Control
Data Distribution
Distributed Search
Deployment Server
Index Management
Bundles
SplunkBase
Performance Tuning
Routine Maintenance
How-To
Troubleshooting
Reference

Save event types via SplunkWeb

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Save event types via SplunkWeb

Most searches can be saved as an event type. There can be multiple event types for an event. You cannot create an event type with searches specifying an index, hosttag, eventtypetag, sourcetype or the pipe operator.


Configuration

To save a search as an event:


30 admin9 eventtypeweb-saveevent.jpg


The Save Event Type dialog box will pop up, pre-populated with your search terms.


30 admin9 eventtypeweb-saveeventtype.jpg


You can now use your event type in searches:


eventtype=foo

Example

For a detailed guide on best practices for creating event types in Splunk, check out this how to on Splunkbase.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/3.0.2/Admin/SaveEventTypesViaSplunkWeb"

This documentation applies to the following versions of Splunk: 3.0 , 3.0.1 , 3.0.2 , 3.1 , 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.