What command in SPL is used to retrieve a specific field's values?

Prepare for the Splunk SPLK-1001 exam. Study with flashcards and multiple choice questions, each with hints and explanations. Ace your exam with confidence!

The command used in SPL to retrieve a specific field's values is "fields." This command is specifically designed to include or exclude fields when processing search results. When using the fields command, you can specify the field names you want to see in your results, making it a powerful tool for narrowing down the data you are working with. For instance, if you only want to view the "user" and "status" fields of your log entries, you can use the fields command to display just those, helping to focus your analysis on relevant information.

The other options do not serve the same purpose. The select command is associated with SQL and not applicable in SPL for retrieving field values. The filter command, while related to narrowing down data, does not specifically retrieve field values but rather limits the dataset based on criteria. The extract command is used for pulling out field values from unstructured data but is not directly used to retrieve specific field values in search results. Thus, "fields" is the correct choice when looking to focus on particular fields in your Splunk search results.
