Topics

| pdf version

About the Splunk Admin Manual

How Splunk Works

Getting Started

Data Inputs

Data Distribution

Indexing

Timestamps

Fields

Hosts

Source Types

Event Types

Transaction Types

Search

Distributed Search

Alerts

Security

Data Management

Deployment Server

Performance Tuning

Configuration Files

Applications

Reference

Troubleshooting


Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

Save event types via Splunk Web

This documentation does not apply to the most recent version of Splunk.

This documentation applies to the following versions of Splunk: 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13

Save event types via Splunk Web

Most searches can be saved as an event type. There can be multiple event types for an event. You cannot create an event type with searches specifying an index, hosttag, eventtypetag, sourcetype or the pipe operator. Any event types you create through Splunk Web are automatically added to $SPLUNK_HOME/etc/system/local/eventtypes.conf.


Configuration

To save a search as an event:

  • Type the search in the search box.
  • Click the arrow to the left of the search box.
  • Click Save as event type...

The Save Event Type dialog box will pop up, pre-populated with your search terms.

  • Name the event type.
  • Optionally add an event type tag (you can add more than one tag, comma-separated).
  • Click the Save button.

You can now use your event type in searches:

eventtype=fooSearch
Retrieved from "http://www.splunk.com/base/Documentation/3.3.1/Admin/SaveEventTypesViaSplunkWeb"
Revision: 207 Contact Privacy Policy Terms of Use Community content licensed under Creative Commons

Copyright © 2005-2010 Splunk Inc. All rights reserved.