Enriched data
Naturally, when we talk about enriched data, we are talking about separating the isotopes of our data and storing them in secure storage, right? Nope! No weapons-grade data here! The term enriched data refers to adding extra context to raw data. Therefore, the data is then enriched. We will now cover event types, tags, and macros.
Event types
Event types are used to classify similar events into categories. Categorizing events is important because it can help you search through a large amount of data quickly, find patterns, or create specific alerts and searches. They are defined by users via the GUI or via the command line, or they are part of a prepackaged app. Event types can have permissions assigned to them so that only specific roles can view or edit them. Defined event types will show up in the user's Field List during a search in the GUI and, as such, can be modified and searched just as a normal field can be. Event types are defined by a Splunk search. Let&apos...
