A user-defined field that represents a category of events. These events are united by the fact that they can all be matched by the same search string. Splunk Enterprise applies event types to the events that match them at search time.

When you run a search that returns a useful set of events, you can save that search as an event type. Later, when you use that event type in another search, you are telling that search to use the dataset that the event type represents.

Event types are a type of knowledge object.
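
As an added illustration (not taken from the Splunk documentation), the stanzas below show how a saved search string becomes an event type in `eventtypes.conf` and how a later search refers to it by name. The event type names, the `linux_secure` sourcetype and the matched strings are assumptions chosen for the example.

```ini
# eventtypes.conf (constructed example; names and search strings are assumptions)

# The stanza name is the event type name. The search string decides which
# events belong to it. It must be a plain filter: no pipes, no subsearches.
[ssh_failed_login]
search = sourcetype=linux_secure "Failed password"
description = Failed SSH password authentication attempts

[ssh_accepted_login]
search = sourcetype=linux_secure "Accepted password"
description = Successful SSH password authentication

# At search time, every event that matches a search string above carries the
# stanza name in its eventtype field, so a later search can select the same
# set of events by name instead of repeating the search string:
#
#   eventtype=ssh_failed_login | stats count by host
#
# An event that matches more than one definition gets every matching name as
# a value of the eventtype field.
```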

