A searchable name/value pair in Splunk Enterprise event data. Splunk Enterprise extracts specific default fields from your data, including host, source, and sourcetype. You can also set up Splunk Enterprise to create search-time or index-time field extractions, for example, by using the field extractor or the rex command. Use tags or aliases to change the name of a field or to group similar fields together. Field names are case-sensitive.

For more information

In the Knowledge Manager Manual: