From the course: Splunk Core Certified User (SPLK-1001) Cert Prep
Join today to access over 25,500 courses taught by industry experts.
Module overview - Splunk Tutorial
From the course: Splunk Core Certified User (SPLK-1001) Cert Prep
Module overview
Now, when you index data into Splunk, ideally you want the data to be in the form of field name value pairs, because this makes searching much easier. Now, during indexing we saw that you can extract metadata fields like the index, the host, the source and the source type. So if you specify this in searches, all of a sudden, you narrow down your searches. Instead of just running a base search that can pull from all the indexes that are whitelisted for you, you can actually specify an index in your search. You can specify a source type. You can specify a host and whatnot. But at search time, there are also ways that you can use to extract fields from your data. Field extractions from data at search time is not part of this Splunk or Certified User course. So this is going to be discussed in the Splunk course certified power user course. So in this module, we are going to see how we can search with field name value pairs in Splunk. We're going to start the module with an overview of…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.