A searchable name/value pair in Splunk Enterprise event data. Splunk Enterprise extracts specific default fields from your data, including host, source, and sourcetype. You can also set up Splunk Enterprise to create search-time or index-time field extractions, for example, using the field extractor or the rex command. Use tags or aliases to change the name of a field or to group similar fields together. Field names are case-sensitive.
For more information
In the Knowledge Manager Manual: