"The field name is case sensitive, the field value is not case sensitive." https://docs.splunk.com/Documentation/SCS/current/SearchReference/SearchCommandOverview
Field values in Splunk are case sensitive by default. Splunk treats "ABC" and "abc" as two distinct values, and they will be stored as such in the index. This means that searches or reports that are case sensitive will only match values that exactly match the case of the search term.
Field Names are case sensitive: sourcetype is correct, Sourcetype is incorrect as shown in question 51.
Field Values are case insensitive: access_combined, Access_combined and Access_Combined would work equally well.
Fields are case sensitive, but the values are not.
https://community.splunk.com/t5/Splunk-Search/Ignoring-Case-on-field-values/m-p/107813#:~:text=Splunk%20is%20not%20case%20sensitive%20when%20it%20comes,these%20searches%20would%20all%20return%20the%20same%20results%3A
upvoted 3 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
EA88
1 week, 6 days agoSplunkie007
1 year, 5 months agofoxx99
1 year, 7 months agoThoney
1 year, 7 months agogigi2909
1 year, 7 months agoSecurityPaul
3 years, 5 months agoAvah
3 years, 7 months ago