Splunk Recipes: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 4: | Line 4: | ||
=Searching with Fields= | =Searching with Fields= | ||
When searching for a specific field, use the following syntax: | |||
<pre> | |||
field_name="field value" | |||
</pre> | |||
Field names '''are case sensitive'''. Field values are not case sensitive. | |||
Wildcards can be used in field values. | |||
Quotation marks are required when the field values include spaces. | |||
Revision as of 16:08, 21 September 2016
Internal
Searching with Fields
When searching for a specific field, use the following syntax:
field_name="field value"
Field names are case sensitive. Field values are not case sensitive.
Wildcards can be used in field values.
Quotation marks are required when the field values include spaces.