Which search string would only return results for an event type called successful_purchases?
To filter search results to an event type called successful_purchases, the correct search string is eventtype=successful_purchases. It names successful_purchases as the event type to match, so only events categorized under that event type are returned.
This question was taken straight from the documentation. https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Abouteventtypes#How_event_types_work