In Splunk, internal fields are special fields that are automatically added to events by Splunk and usually start with an underscore (_). One of these internal fields is _raw, which contains the full, unparsed event data as it was ingested into Splunk. It is used extensively in searches and data processing within Splunk. Other fields such as host and index are not internal fields but are default fields that help define the source and index of the data.