Search Reference

 


findtypes


Synopsis

Generates suggested event types.

Syntax

findtypes max=<int> [notcovered] [useraw]

Required arguments

max
Datatype: <int>
Description: The maximum number of events to return. Defaults to 10.

Optional arguments

notcovered
Description: If this keyword is used, findtypes returns only event types that are not already covered.
useraw
Description: If this keyword is used, findtypes uses phrases in the _raw text of events to generate event types.

Description

The findtypes command takes the results of a search and produces a list of promising searches that may be used as event types. At most 5000 events are analyzed to discover event types.

Examples

Example 1: Discover 10 common event types.

... | findtypes

Example 2: Discover 50 common event types and add support for looking at text phrases.

... | findtypes max=50 useraw

See also

typer

Answers

Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the findtypes command.

This documentation applies to the following versions of Splunk: 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 5.0, 5.0.1, 5.0.2

