Revision as of 16:14, 21 September 2016

Internal

For more details on Splunk Fields fundamentals see Splunk Concepts#Field When searching for a specific field, use the following syntax:

field_name="field value"

Field names are case sensitive. Field values are not case sensitive.

Quotation marks are required when the field values include spaces.

Wildcards can be used in field values:

field_name="prefix*"

@@ Line 5: / Line 5: @@
 =Searching with Fields=
+For more details on Splunk Fields fundamentals see [[Splunk Concepts#Field]]
 When searching for a specific field, use the following syntax: