Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How i can rename the field output value in splunk.

hrs2019
Path Finder
‎01-14-2020 12:40 PM

how i can rename the field output value in splunk.

below is the screen short
i want to RENAME

PPN | V0.2019 |2456 TO PPN | v0.1342 |2546

want to do changes in project update field and number of users side field for PPN client.

alt text

Preview file
9 KB
0 Karma
Reply

dindu
Contributor
‎01-14-2020 01:00 PM

Hi,
You could use the eval command to achieve this.
I assume the values are hardcoded as in the question.

Please try and let us know.

 |your_search
 |eval  "Project Update"=if(Clients="PPN","v0.1342",'Project Update')
 |eval  "Number of users"=if(Clients="PPN","2546",'Number of users')
 |table Clients,"Project Update","Number of users"
0 Karma
Reply

hrs2019
Path Finder
‎01-14-2020 01:02 PM

Thanks @dindu no it is not hardcoded it is changing but i want to rename this time by manual.

0 Karma
Reply

to4kawa
Ultra Champion
‎01-14-2020 12:52 PM

what's v0.1342?
are you goiog to copy client PPN's values to CNB?

...
| eval "Project Update"=if(Client="CNB","v0.1342",'Project Update')
| eval "Number of users"=if(Client="CNB",2546,'Number of user')

If you want to change the field values, that's it.

0 Karma
Reply

hrs2019
Path Finder
‎01-14-2020 12:57 PM

sorry @to4kawa i have corrected the question it is PPN not CNB and v0.1342 is kind of version (updates)

0 Karma
Reply
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...