Internal

Searching with Fields

For more details on Splunk Fields fundamentals see Splunk Concepts - Fields.

When searching for a specific field, use the following syntax:

field_name="field value"

Field names are case sensitive. Field values are not case sensitive.

Quotation marks are required when the field values include spaces.

Wildcards can be used in field values:

field_name="prefix*"

Expression involving fields are explained above in Searching with Fields.