Using Fields is a Splunk Education course that explores how Splunk identifies, extracts, and uses fields to make machine data searchable and meaningful.
What You Will Learn
- Understand how Splunk automatically extracts default and key-value pair fields
- Use the Fields sidebar, fieldsummary, and fieldformat commands effectively
- Differentiate between index-time and search-time field extraction and when to use each
- Use the Field Extractor tool to create custom field extractions from sample events
- Apply field filtering and field aliasing to normalize data across multiple sourcetypes
Who Should Attend
Splunk users and knowledge managers who want to understand and control how fields are extracted and used across their Splunk deployment.
Prerequisites
Completion of Splunk Fundamentals 1 or equivalent working experience with Splunk search.
