topic Re: How do I create a new field? in Security https://community.splunk.com/t5/Security/How-do-I-create-a-new-field/m-p/566434#M15584 <P>There are several ways to create a field, but <FONT face="courier new,courier">eval</FONT>&nbsp;perhaps is the most common.&nbsp; Please share your attempt so we can help determine what went wrong.</P> Thu, 09 Sep 2021 11:23:22 GMT richgalloway 2021-09-09T11:23:22Z How do I create a new field? https://community.splunk.com/t5/Security/How-do-I-create-a-new-field/m-p/566424#M15582 <P>Hey splunkers,</P><P>How do I create a new field in splunk?</P><P>&nbsp;</P><P>If I have a windows security log with "User" field and I want to call it and use it as "Account".</P><P>I tried we Eval but didn't succeed.&nbsp;</P><P>Thanks.</P> Thu, 09 Sep 2021 09:33:24 GMT https://community.splunk.com/t5/Security/How-do-I-create-a-new-field/m-p/566424#M15582 or1515 2021-09-09T09:33:24Z Re: How do I create a new field? https://community.splunk.com/t5/Security/How-do-I-create-a-new-field/m-p/566434#M15584 <P>There are several ways to create a field, but <FONT face="courier new,courier">eval</FONT>&nbsp;perhaps is the most common.&nbsp; Please share your attempt so we can help determine what went wrong.</P> Thu, 09 Sep 2021 11:23:22 GMT https://community.splunk.com/t5/Security/How-do-I-create-a-new-field/m-p/566434#M15584 richgalloway 2021-09-09T11:23:22Z Re: How do I create a new field? https://community.splunk.com/t5/Security/How-do-I-create-a-new-field/m-p/566437#M15585 <P>This is the query:<BR /><BR /></P><P>index="net" sourcetype="Okta" eventType="user.account.privilege.grant"<BR />In the log there is field called "Username".<BR />I want to change it to "User".<BR /><BR />You ask why?&nbsp;<BR />I want to write a correlation rule from 2 different indexes and I want to use the same field for both.<BR />Im waiting for an answer here:&nbsp;<A href="https://community.splunk.com/t5/Security/Correlation-rule/m-p/566419#M15581" target="_blank">https://community.splunk.com/t5/Security/Correlation-rule/m-p/566419#M15581</A></P> Thu, 09 Sep 2021 11:35:34 GMT https://community.splunk.com/t5/Security/How-do-I-create-a-new-field/m-p/566437#M15585 or1515 2021-09-09T11:35:34Z Re: How do I create a new field? https://community.splunk.com/t5/Security/How-do-I-create-a-new-field/m-p/566438#M15586 Hi<BR />try "rename Username as User"<BR />r. Ismo Thu, 09 Sep 2021 11:39:25 GMT https://community.splunk.com/t5/Security/How-do-I-create-a-new-field/m-p/566438#M15586 isoutamo 2021-09-09T11:39:25Z