Splunk Search

Managing Eventtypes and Tags

Yancy
Path Finder

Any recommended best practices for managing eventtypes and their corresponding tags?

I've found the Splunk Common Information Model to be fairly helpful in starting a taxonomy.

I've also been using the following search to review events and their tags

*  | dedup eventtype | fields eventtype, tag::eventtype

Any other recommendations, best practices, thoughts?

0 Karma
1 Solution

gkanapathy
Splunk Employee
Splunk Employee

Why not just use the event types admin page?

http://localhost:8000/en-US/manager/search/saved/eventtypes

(adjust the base URL for your Splunk install, of course).

View solution in original post

gkanapathy
Splunk Employee
Splunk Employee

Why not just use the event types admin page?

http://localhost:8000/en-US/manager/search/saved/eventtypes

(adjust the base URL for your Splunk install, of course).

Yancy
Path Finder

Thanks gkanapathy!

I forgot all about this. I was thinking along the lines of a report of some sort (maybe similar to eventtyper), but this will help.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...