Splunk Search

Alias bug that merge "NEW" word into new field

New Member

Hello,
I have been watching a problem when I was using alias function through the SPLUNK Web.
That problem was merged "NEW" word, both have Web and CLI.

WEB UI
Field aliases
Fields » Field aliases

Name    Field aliases   Owner   App Sharing Status  Actions
syslog : FIELDALIAS-process_to_pcs  process ASNEW pcs  admin  search Global | Permissions   Enabled Clone | Move | Delete

CLI

/opt/splunk/etc/system/local/props.conf
[syslog]
FIELDALIAS-process_to_pcs = process ASNEW pcs

Best Regards

0 Karma

New Member

I saw bug at the SPLUNK Enterprise version 7.3.0.

0 Karma

Legend

@sonsee78 use the option Overwrite field values while creating Field Alias otherwise above is expected behavior.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!