This is not current Splunk documentation.
Splunk 3.4.2 is the latest version. Only use this page with older Splunk 2.0.x.

Splunk User Manual (Splunk v2.0)

Event Types and Tags

Tag an Event Type

Users can assign one or more tags to every event type. When you set a tag, it's assigned across every index on the same server.

To tag an event type, click the menu button next to the eventtype:: value in an event.

Splunk Professional Users

Splunk Professional users without Power User or Admin status can view and search tags and look them up at Splunk Base. They can't download tags to update the local Splunk index, though.

Tags can have any value composed of letters and numbers, plus the characters _ and -. We suggest short, separate words like netscreen syn_flood, netscreen configuration and snort syn_flood. This lets you create on-the-fly groups by searching for (or excluding) eventtype::netscreen or eventtype::syn_flood. That's why tagging an event type as login failure is better than login_failure.

Click Save to assign your tag(s) to the event type.
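The grouping behaviour described above, modelled as an added example that is not Splunk code and not part of the original manual. It assumes tags are entered space-separated and that "letters and numbers" means ASCII; the event type names and the function names are hypothetical.

```python
import re

# Tag charset as stated on the page: letters, numbers, "_" and "-".
# Assumption: ASCII letters and digits only.
TAG_RE = re.compile(r"[A-Za-z0-9_-]+")

def parse_tags(tag_field):
    """Split a space-separated tag field into a set of validated tags."""
    tags = tag_field.split()
    bad = [t for t in tags if not TAG_RE.fullmatch(t)]
    if bad:
        raise ValueError(f"invalid tag(s): {bad}")
    return set(tags)

def build_index(event_types):
    """Map each tag to the set of event type names that carry it."""
    index = {}
    for name, tag_field in event_types.items():
        for tag in parse_tags(tag_field):
            index.setdefault(tag, set()).add(name)
    return index

def search(index, include=(), exclude=()):
    """Event types carrying every tag in include and no tag in exclude."""
    hits = set().union(*index.values())
    for tag in include:
        hits = hits & index.get(tag, set())
    for tag in exclude:
        hits = hits - index.get(tag, set())
    return hits

# Constructed sample data: event type names (keys) are hypothetical,
# tag strings (values) are the ones suggested on the page.
EVENT_TYPES = {
    "ns_flood": "netscreen syn_flood",
    "ns_config": "netscreen configuration",
    "snort_flood": "snort syn_flood",
    "ssh_fail": "login failure",   # two separate tags
    "ftp_fail": "login_failure",   # one fused tag
}
INDEX = build_index(EVENT_TYPES)

if __name__ == "__main__":
    print(sorted(search(INDEX, include=["netscreen"])))
    print(sorted(search(INDEX, include=["syn_flood"], exclude=["netscreen"])))
    # The fused login_failure tag is missed by a search for "login".
    print(sorted(search(INDEX, include=["login"])))
```

The last query returns only the event type tagged with the two separate words, which is why a fused tag like login_failure drops out of any group built on login or failure alone.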
