Security & the Enterprise
Much secured. So patch!

Event.conf & Tags.conf

mag85032
Engager

Hi Team,

What is Event.conf &  Tag.conf in a general term, Can someone explain with a example?

Like What it is?

Why it is used?

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@mag85032 

I hope you are asking about eventtypes.conf and tags.conf.  

Event Types:

  • Splunk event type refers to a collection of data which helps in categorizing events based on common characteristics.
  • It is a user-defined field which scans through huge amount of data and returns the search results in the form of dashboards. You can also create alerts based on the search results.

Tags:

 

  • Splunk tags are used to assign names to specific fields and value combinations.
  • It is the simplest method to get the results in pair while searching. Any event type can have multiple tags to get quick results.  
  • It helps to search groups of event data more efficiently. 
  • Tagging is done on the key value pair which helps to get information related to a particular event, whereas an event type provides the information of all the Splunk events associated with it. 
  • You can also assign multiple tags to a single value

 

 

Most popular use case where we are using event types and tags is CIM Mapping.

You can check other configuration files  form List of configuration files .

Thanks
Kamlesh Vaghela

0 Karma

mag85032
Engager

I am sorry, the question is How we can configure Eventtypes.conf and Tags.conf with SVN Subversion?

Can you explain this with some use case?

0 Karma