Topics

| pdf version

How Splunk Works

Getting Started

Configuring a Splunk Deployment

Data Inputs

Hosts

Source Types

Timestamp Recognition

Events

Event Types

Meta Events

Fields

Segmentation

Saved Searches and Alerts

Authentication

Data Distribution

Granular Access Control

Distributed Search

Deployment Server

Index Management

Bundles

SplunkBase

Performance Tuning

Routine Maintenance

How-To

Troubleshooting

Reference


Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

Save event types via SplunkWeb

This documentation does not apply to the most recent version of Splunk.

This documentation applies to the following versions of Splunk: 3.0 , 3.0.1 , 3.0.2 , 3.1 , 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4

Save event types via SplunkWeb

Most searches can be saved as an event type. There can be multiple event types for an event. You cannot create an event type with searches specifying an index, hosttag, eventtypetag, sourcetype or the pipe operator.


Configuration

To save a search as an event:


  • Type the search in the search box.
  • Click the arrow to the left of the search box.
  • Click Save as event type...

Image:30_admin9_eventtypeweb-saveevent.jpg


The Save Event Type dialog box will pop up, pre-populated with your search terms.


Image:30_admin9_eventtypeweb-saveeventtype.jpg


  • Name the event type.
  • Optionally add an event type tag.
  • Click the Save button.

You can now use your event type in searches:


eventtype=fooSearch

Example

For a detailed guide on best practices for creating event types in Splunk, check out this how to on Splunkbase.

Retrieved from "http://www.splunk.com/base/Documentation/3.0/Admin/SaveEventTypesViaSplunkWeb"
Revision: 207 Contact Privacy Policy Terms of Use Community content licensed under Creative Commons

Copyright © 2005-2010 Splunk Inc. All rights reserved.