Define event types in Splunk Web

1: 先看到这样一个界面，是不是就想把status=200, 和非200 的 event 区别出来：

 2: 那么用上event type 就再好不过啦：

Steps:

Saving a search as an event type

1. In the Search view, run a search.

2. Click Save As and select Event Type.

3. Give the event type a unique Name.

4. (Optional) Add one or more comma-separated Tag(s).
   
   You can apply the same tag to event types that produce similar results. A search that is just on that tag returns the set of events that collectively belong to those event types.

5. (Optional) Select a Color.
   
   This causes a band of color to appear at the start of the listing for any event that fits this event type. For example, this event matches an event type that has a Color of Purple.

   

   
   You can change the color of an event type (or remove its color entirely) by editing it in Settings.

6. (Optional) Give the event type a Priority.
   Priority affects the display of events that match two or more event types. 1 is the best Priority and 10 is the worst. See About event type priorities.

7. Click Save to save the new event type.
   
   You can access the list of event types that you and other users have created at Settings > Event types.

Any event type that you create with this method also appears on the Event Types listing page in Settings. You can update the event type in the Event Types listing page.

参考文档：Define event types in Splunk Web - Splunk Documentation

利用 eventtype, 注意，不是source type, 就是对事件进行过滤，分类的条件可以在 search 语句中先体现出来：