Back to Floor
The Factory • Room 3
Event Types vs Tags
* **Event Types** group essentially identical events together using a saved Splunk search (e.g., `sourcetype=cisco:asa action=blocked` becomes `eventtype=firewall_block`).
* **Tags** apply keyword labels to specific field-value pairs (e.g., tagging `host=10.0.0.1` as `webserver`).
They can work together! You can even tag an Event Type.
Knowledge Check
Prove your understanding to clear the room (Rewards XP)
Differentiate between Event Types and Tags.
An Event Type categorizes events using a ______ string, while a Tag applies a ______ label to a specific ______ pairing.