Splunk Recipes: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
Line 11: Line 11:
</pre>
</pre>


Field names '''are case sensitive'''. Field values are not case sensitive.  
Field names '''are case sensitive'''. Field values are not case sensitive.


Wildcards can be used in field values.  
Quotation marks are required when the field values include spaces.


Quotation marks are required when the field values include spaces.
Wildcards can be used in field values:
 
<pre>
field_name="prefix*"
</pre>

Revision as of 16:10, 21 September 2016

Internal

Searching with Fields

When searching for a specific field, use the following syntax: 

field_name="field value"

Field names are case sensitive. Field values are not case sensitive.

Quotation marks are required when the field values include spaces.

Wildcards can be used in field values: 

field_name="prefix*"
Retrieved from "https://kb.novaordis.com/index.php?title=Splunk_Recipes&oldid=11251"