The Splunk search processing Language supports AND, OR and NOT Boolean operators. These operators must be capitalized. Splunk Boolean operators have an order of operations just like the math operators do. When the order of Boolean expressions in Splunk is evaluated, the precedence is given to terms within the parentheses. If you are using the expression with the SEARCH command and expressions are within the parentheses, the order should be NOT, OR, and AND. On the other hand, if you are using the expression with the WHERE command and expressions are within the parentheses, the order should be NOT, AND, and OR.