How to do it...

Follow these steps to define an event type and associated tag:

  1. Log in to your Splunk server.
  2. From the home launcher in the top right-hand corner, click on the Settings menu item and then click on the Event types link.
  3. Click on the New button.
  4. In the Destination App dropdown, select search. Enter HttpRequest-Success in the Name field. In the Search string text area, enter sourcetype=access_combined status=2*. In the Tag(s) field, enter webserver and then click on Save.
  5. The event type is now created. To verify that this worked, you should now be able to search by both the event type and the tag that you created. Navigate to the Splunk search screen in the Search and Reporting app and enter the following search over the Last 60 minutes time range to verify that eventtype is working:
     eventtype="HttpRequest-Success"
  6. Enter the following search over the Last 60 minutes time range to verify that the tag is working:
     tag="webserver"
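
The same event type and tag expressed as configuration files, as an added example that is not part of the original recipe. It assumes the objects are shared at app level in the search app, so the paths below are assumptions; objects saved privately through the UI are written under the creating user's directory instead.

```ini
# Assumed path: $SPLUNK_HOME/etc/apps/search/local/eventtypes.conf
# The stanza name is the event type name; "search" holds the
# Search string entered in the UI.
[HttpRequest-Success]
search = sourcetype=access_combined status=2*

# Assumed path: $SPLUNK_HOME/etc/apps/search/local/tags.conf
# Tags attach to a field=value pair; here the field is eventtype,
# so every event matching the event type also matches tag="webserver".
[eventtype=HttpRequest-Success]
webserver = enabled
```

Keeping these stanzas under version control makes later changes to the event type's search string reviewable before they affect searches and alerts that depend on the tag.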