Event type discovery

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Configure event types

Event type discovery

Instead of using auto-discovery at index time, use Splunk's new event type discovery at search time. Use this feature to create custom event types directly in Splunk Web.

Configure event types

Configure event types with the typelearner command or by choosing Discover event types from Splunk's drop-down menu.

Pipe any search to typelearner:

user=Hume | typelearner

Or choose the Discover event types... option from the Splunk drop-down menu (to the left of the search box).
Now pick Add Event Type underneath the event you want to classify as a new event type.
This will launch a new window where you can label and tag your event type.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/3.4.12/Admin/EventTypeDiscovery"

« Tag event types Event type templates »

This documentation applies to the following versions of Splunk: 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13 , 3.4.14 View the Article History for its revisions.

Was this topic useful?
Post a comment

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Admin Manual

Event type discovery

Contents

Event type discovery

Configure event types

Comments