Exam SPLK-1002 topic 1 question 83 discussion

C & D are correct

BCD Explanation: A. By using the searchtypes command in the search bar.: This statement is false. There is no searchtypes command in Splunk for creating event types. B. By editing the event_type stanza in the props.conf file.: This statement is true. Event types can be defined directly in the configuration files by editing the props.conf file. C. By going to the Settings menu and clicking Event Types > New.: This statement is true. Users can create a new event type through the Splunk web interface by accessing the settings menu. D. By selecting an event in search results and clicking Event Actions > Build Event Type.: This statement is true. Users can create a new event type directly from the search results by selecting an event and using the event actions menu.

1. Save as > Save as Event Type 2. Event Actions > Build Event Type 3. Setting > Event Types CD are the correct answer

C, but also D is valid (check the UI)

C and D are correct

C and D are both ways to create a new event type

C&D I think: There are two ways to create an event type after we have decided the search criteria. One is to run a search and then save it as an Event Type. Another is to add a new Event Type from the settings tab. We will see both the ways of creating it in this section.

C and d are the correct answers. You can go into into an event, on the drop down event actions button select - 'Build Event Type'

C & D are correct

answer is ACD

It's both C & D.

There are 4 ways to create an event type: 1-Using Search 2-Using Build Event Type Utility 3-Using Splunk Web 4-Configuration files (eventtypes.conf)

C and D are the right answer