Reference:https://answers.splunk.com/answers/4993/eventtype-vs-saved-search.html
An event type is a way to categorize events based on a search string that matches the events2. You can use
event types to simplify your searches by replacing long or complex search strings with short and simple event
type names2. An event type is more effective than a saved search when the search string needs to be used in
future searches because it allows you to reuse the search string without having to remember or type it again2.
Therefore, option C is correct, while options A, B and D are incorrect because they are not scenarios where an
event type is more effective than a saved search.

After manually editing a regular expression (regex) that was created using the Field Extractor (FX) UI, it is no
longer possible to edit the field extraction in the FX UI. The FX UI is a tool that helps you extract fields from
your data using delimiters or regular expressions. The FX UI can generate a regex for you based on your
selection of sample values or you can enter your own regex in the FX UI. However, if you edit the regex
manually in the props.conf file, the FX UI will not be able to recognize the changes and will not let you edit
the field extraction in the FX UI anymore. You will have to use the props.conf file to make any further
changes to the field extraction. Changes made manually cannot be reverted in the FX UI, as the FX UI does
not keep track of the changes made in the props.conf file. It is possible to manually edit a regex that was
created using the FX UI, as long as you do it in the props.conf file.
Therefore, only statement B is true about manually editing a regex.