Splunk – best practices

Command is case sensitive only if it’s specific to keyword in a action ex: replace

Powerful keywords: moser the powerful keywords like source host source type and index are used in base search the splunk and Nguni will be more efficient