Revision as of 16:19, 21 September 2016

Internal

For more details on Splunk Fields fundamentals see Splunk Concepts - Fields.

When searching for a specific field, use the following syntax:

field_name="field value"

Field names are case sensitive. Field values are not case sensitive.

Quotation marks are required when the field values include spaces.

Wildcards can be used in field values:

field_name="prefix*"

Expression involving fields are explained above in Searching with Fields.

Revision as of 16:19, 21 September 2016 (view source) Ovidiu (talk \| contribs) No edit summary ← Older edit		Revision as of 16:19, 21 September 2016 (view source) Ovidiu (talk \| contribs) (→‎Search Syntax) Newer edit →
Line 26:		Line 26:
	=Search Syntax=		=Search Syntax=

	Expression involving fields are explained above in [[#Searching_with_Fields#Searching with Fields]].		Expression involving fields are explained above in [[#Searching_with_Fields\|Searching with Fields]].