上QQ阅读APP看书,第一时间看更新
Save As Event Type
Event types are a categorization system to help you make sense of your user-defined data fields. It simplifies searches by letting you categorize events. Event types let you classify events that have common characteristics. When your search results come back, they're checked against known event types. An event type is applied to an event at search time if that event matches the event type definition.
The simplest way to create a new event type is through Splunk Web. After you run a search that would make a good event type, click on Save As and select Event Type. This opens the Save as Event Type dialog, where you can provide the event type name and optionally apply tags to it: