Using Fields

Duration : 1 Day (8 Hours)

Using Fields Course Overview:

This course is designed for power users aiming to enhance their expertise in working with fields within search operations. It encompasses critical topics such as the role and significance of fields in search functions, techniques for discovering relevant fields, effective utilization of fields in searches, differentiation between persistent and temporary fields, and the integration of fields from external data sources to augment search results. By the course’s conclusion, participants will have gained an in-depth understanding of field-related concepts, enabling them to maximize their search efficiency.

Intended Audience:

  • Power users of Splunk
  • Individuals who want to enhance their understanding of fields and their usage in searches
  • Those interested in field discovery and how it impacts search results
  • Users looking to improve their search performance by using fields effectively
  • Those seeking to differentiate between temporary and persistent fields
  • Individuals interested in enriching data through various field-related techniques, including lookups, calculated fields, field aliases, and field extractions.

Learning Objectives of Using Fields:

  • Introduction to Splunk’s interface
  • Basic searching
  • Using fields in searches
  • Search fundamentals
  • Transforming commands
  • Creating visualizations
  • Creating reports and dashboards
  • Identifying types of knowledge objects
  • Field discovery and utilization
  • Enriching search results with fields from other data sources.

Topic 1 – What are Fields?

  • Define fields and field auto-extraction
  • Explore the Fields sidebar
  • Add fields to the Selected Fields list
  • Explore and generate reports from the Fields window

Topic 2 – What is Field Discovery?

  • Understand Field Discovery
  • Explore search modes and their effect on search results

Topic 3 – Use Fields in Searches

  • Use fields correctly in basic searches
  • Use fields with operators
  • Use the rename command
  • Use the fields command to improve search performance

Topic 4 – Compare Temporary versus Persistent Fields

  • Differentiate between temporary and persistent fields
  • Create temporary fields with the eval command
  • Extract temporary fields with the erex and rex commands

Topic 5 – Enrich Data

  • Understand how fields from lookups, calculated fields, field aliases, and field extractions enrich data

Using Fields Course Prerequisites:

To be successful in this course, students should have completed the following prerequisite courses:

  • Search Under the Hood
  • Multivalue Fields
  • Creating Knowledge Objects

Discover the perfect fit for your learning journey

Choose Learning Modality

Live Online

  • Convenience
  • Cost-effective
  • Self-paced learning
  • Scalability


  • Interaction and collaboration
  • Networking opportunities
  • Real-time feedback
  • Personal attention


  • Familiar environment
  • Confidentiality
  • Team building
  • Immediate application

Training Exclusives

This course comes with following benefits:

  • Practice Labs.
  • Get Trained by Certified Trainers.
  • Access to the recordings of your class sessions for 90 days.
  • Digital courseware
  • Experience 24*7 learner support.

Got more questions? We’re all ears and ready to assist!

Request More Details

Please enable JavaScript in your browser to complete this form.

Subscribe to our Newsletter

Please enable JavaScript in your browser to complete this form.