Splunk Search

Alias bug that merge "NEW" word into new field

sonsee78
New Member

Hello,
I have been watching a problem when I was using alias function through the SPLUNK Web.
That problem was merged "NEW" word, both have Web and CLI.

WEB UI
Field aliases
Fields » Field aliases

Name    Field aliases   Owner   App Sharing Status  Actions
syslog : FIELDALIAS-process_to_pcs  process ASNEW pcs  admin  search Global | Permissions   Enabled Clone | Move | Delete

CLI

/opt/splunk/etc/system/local/props.conf
[syslog]
FIELDALIAS-process_to_pcs = process ASNEW pcs

Best Regards

0 Karma

sonsee78
New Member

I saw bug at the SPLUNK Enterprise version 7.3.0.

0 Karma

niketnilay
Legend

@sonsee78 use the option Overwrite field values while creating Field Alias otherwise above is expected behavior.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma