Solved: Can i rename row values

NS · ‎11-11-2020

from the table output, i want to rename row values for few fields, say for eg:

Column 1	Column 2
1	AAA
2	C
3	D
4	MMM
5	MMM
6	DDD

I want the result to look like below:

Coulmn 1	Column 2
1	Apple
2	Carrot
3	Drumstick
4	Mango
5	Mango
6	Drumstick

Basically, I have a list for mapping, Any letter begins with A to be renamed as Apple, and the ones with D to be renamed as Drumstick, and so on.

Can someone please help me? I am quite new to Splunk.

Thanks in advance.

richgalloway · ‎11-11-2020

Here's one way to do that. There may be others, perhaps including one that uses a lookup table.

| eval Column2 = case(Column2=="AAA", "Apple", Column2=="C", "Carrot", Column2=="D" OR Column2=="DDD", "Drumstick", Column2=="MMM", "Mango", 1==1, Column2)

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎11-11-2020

Here's one way to do that. There may be others, perhaps including one that uses a lookup table.

| eval Column2 = case(Column2=="AAA", "Apple", Column2=="C", "Carrot", Column2=="D" OR Column2=="DDD", "Drumstick", Column2=="MMM", "Mango", 1==1, Column2)

---
If this reply helps you, Karma would be appreciated.

NS · ‎11-13-2020

This worked perfectly, thank you.

Can you also let me know if i can categorize all the fruits in Column 2 and add a column with the total number of fruits.

I expect the result to be like this:

Category	Column 2
Fruit	Apple
Veg	Carrot
Veg	Drumstick
Fruit	Mango
Fruit	Mango
Veg	Drumstick

Your help is much appreciated.

Can i rename row values

fields

table

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!