Alias bug that merge "NEW" word into new field

sonsee78 · ‎06-27-2019

Hello,
I have been watching a problem when I was using alias function through the SPLUNK Web.
That problem was merged "NEW" word, both have Web and CLI.

WEB UI
Field aliases
Fields » Field aliases

Name    Field aliases   Owner   App Sharing Status  Actions
syslog : FIELDALIAS-process_to_pcs  process ASNEW pcs  admin  search Global | Permissions   Enabled Clone | Move | Delete

CLI

/opt/splunk/etc/system/local/props.conf
[syslog]
FIELDALIAS-process_to_pcs = process ASNEW pcs

Best Regards

sonsee78 · ‎06-27-2019

I saw bug at the SPLUNK Enterprise version 7.3.0.

niketn · ‎06-27-2019

@sonsee78 use the option Overwrite field values while creating Field Alias otherwise above is expected behavior.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Alias bug that merge "NEW" word into new field

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?