Which are valid ways to create an event type? (select all that apply)

Which are valid ways to create an event type? (select all that apply)
A . By using the searchtypes command in the search bar.
B . By editing the event_type stanza in the props.conf file.
C . By going to the Settings menu and clicking Event Types > New.
D . By selecting an event in search results and clicking Event Actions > Build Event Type.

View Answer

Answer: C, D

Explanation:

Event types are custom categories of events that are based on search criteria. Event types can be used to label events with meaningful names, such as error, success, login, logout, etc. Event types can also be used to create transactions, alerts, reports, dashboards, etc. Event types can be created in two ways:

By going to the Settings menu and clicking Event Types > New. This will open a form where you can enter the name, description, search string, app context, and tags for the event type.

By selecting an event in search results and clicking Event Actions > Build Event Type. This will open a dialog box where you can enter the name and description for the event type. The search string will be automatically populated based on the selected event.

Event types cannot be created by using the searchtypes command in the search bar, as this command does not exist in Splunk. Event types can also be created by editing the event_type stanza in the transforms.conf file, not the props.conf file.