Splunk Recipes: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
Line 22: | Line 22: | ||
field_name="prefix*" | field_name="prefix*" | ||
</pre> | </pre> | ||
=Search Syntax= | |||
Expression involving fields are explained above in [[#Searching_with_Fields#Searching with Fields]]. |
Revision as of 16:19, 21 September 2016
Internal
Searching with Fields
For more details on Splunk Fields fundamentals see Splunk Concepts - Fields.
When searching for a specific field, use the following syntax:
field_name="field value"
Field names are case sensitive. Field values are not case sensitive.
Quotation marks are required when the field values include spaces.
Wildcards can be used in field values:
field_name="prefix*"
Search Syntax
Expression involving fields are explained above in #Searching_with_Fields#Searching with Fields.