Comparing Values is a Splunk Education course covering the use of comparison and Boolean logic in SPL to filter, classify, and evaluate events based on field values.
What You Will Learn
- Use comparison operators (=, !=, <, >) to filter events by field value
- Apply Boolean operators (AND, OR, NOT) to combine multiple conditions in searches
- Use the where command for flexible, expression-based event filtering
- Build conditional logic in eval using if(), case(), and match() functions
- Distinguish between search-time filtering and eval-time classification for performance optimization
Who Should Attend
Splunk users who want to write more precise searches and build conditional logic to classify and filter large event datasets.
Prerequisites
Basic Splunk search experience, including familiarity with field-based searching and the SPL pipeline.
