
SPLK-1002 · Question #193

SPLK-1002 Question #193: Real Exam Question with Answer & Explanation

The correct answer is A: In the top right corner, click Save As > Event Type. In Splunk, you can create an event type from the search window by running a search that would make a good event type, then clicking Save As and selecting Event Type. This opens the Save as Event Type dialog, where you can provide the event type name and optionally apply tags to i

Creating Tags and Event Types

Question

How is an event type created from the search window? (select all that apply)

Options

  • A. In the top right corner, click Save As > Event Type.
  • B. In an event's detail dropdown, click Event Actions > Build Event Type.
  • C. Edit eventtypes.conf and add a new stanza.
  • D. Add | eventtype to the SPL and execute the search.

Explanation

In Splunk, you can create an event type from the search window by running a search that would make a good event type, then clicking Save As and selecting Event Type. This opens the Save as Event Type dialog, where you can provide the event type name and optionally apply tags to it. You can also create an event type by editing the eventtypes.conf file and adding a new stanza. Each stanza in the eventtypes.conf file represents an event type. The stanza name is the name of the event type, and the search attribute specifies the search string that defines the event type. It's important to note that while you can use the eventtype command in a search to find events associated with a specific event type, adding | eventtype to the SPL and executing the search does not create a new event type. Similarly, clicking Event Actions > Build Event Type in an event's detail dropdown does not create a new event type.

Topics

#Event Type Creation #Splunk UI #Configuration Files #eventtypes.conf
