The boolean operators in Splunk are AND, OR, and NOT operators. All these operators in Splunk should be capitalized. Boolean operations in Splunk have an order of evaluation similar to mathematical operations. In case of using expressions with the SEARCH command and expressions are within the parentheses, the order of evaluation must be NOT, OR, and AND. In case of using expressions with the WHERE command and expressions are within the parentheses, the order of evaluation must be NOT, AND, and OR.
You can learn Splunk by registering for this Splunk training program by Intellipaat.
You can watch this video on How Splunk works to get familiar with Splunk:
Back