https://community.splunk.com/t5/Knowledge-Management/Aliases-not-working/m-p/665980#M9781 <P>Hi All,</P> <P>I am having an issue creating an alias simply going from DestinationPort to dest_port for SysMon EventID 3</P> <P>I have tested:</P> <P>&nbsp;</P> <LI-CODE lang="markup">index=my_index source=Sysmon | eval destinationPort=dest_port</LI-CODE> <P>&nbsp;</P> <P>I have seen in Splunk TA Sysmon that there is FIELDALIAS-dest_port=DestinationPort AS dest_port</P> <P>but still cannot convert DestinationPort to dest_port at Search time.</P> <P>Any suggestions, please? There are no other apps contradicting the precedence.</P> <P>Thank you!</P> Tue, 24 Oct 2023 14:09:22 GMT DanAlexander 2023-10-24T14:09:22Z https://community.splunk.com/t5/Knowledge-Management/Aliases-not-working/m-p/665980#M9781 <P>Hi All,</P> <P>I am having an issue creating an alias simply going from DestinationPort to dest_port for SysMon EventID 3</P> <P>I have tested:</P> <P>&nbsp;</P> <LI-CODE lang="markup">index=my_index source=Sysmon | eval destinationPort=dest_port</LI-CODE> <P>&nbsp;</P> <P>I have seen in Splunk TA Sysmon that there is FIELDALIAS-dest_port=DestinationPort AS dest_port</P> <P>but still cannot convert DestinationPort to dest_port at Search time.</P> <P>Any suggestions, please? There are no other apps contradicting the precedence.</P> <P>Thank you!</P> Tue, 24 Oct 2023 14:09:22 GMT https://community.splunk.com/t5/Knowledge-Management/Aliases-not-working/m-p/665980#M9781 DanAlexander 2023-10-24T14:09:22Z https://community.splunk.com/t5/Knowledge-Management/Aliases-not-working/m-p/665996#M9782 <P>Make sure the sourcetype on your data matches that for the FIELDALIAS.</P> Tue, 24 Oct 2023 12:54:06 GMT https://community.splunk.com/t5/Knowledge-Management/Aliases-not-working/m-p/665996#M9782 richgalloway 2023-10-24T12:54:06Z https://community.splunk.com/t5/Knowledge-Management/Aliases-not-working/m-p/665998#M9783 <P>And remember that for search-time operations it's important if you have enough permissions for the app (that should not typically be the issue here but it's worth checking out if all else fails)</P> Tue, 24 Oct 2023 13:09:10 GMT https://community.splunk.com/t5/Knowledge-Management/Aliases-not-working/m-p/665998#M9783 PickleRick 2023-10-24T13:09:10Z