Solved: Change a value in the output field.

jerinvarghese · ‎07-17-2020

Hi all,

I need help in changing an output that getting from below search to be changed.

index=itsm
| stats count by Class_Type
| sort - count

Output that results is:

Can i change the output and reflect another name in the section.

Like i want "Cisco LWAPP AP Trap" to be displayed as "CISCO AP DOWN"

is that possible.

renjith_nair · ‎07-17-2020

Yes, there are different ways of doing it and depends on how many values you want to change. If there are only few, you could use simple eval

|eval Class_Type=case(Class_Type="Cisco LWAPP AP Trap","CISCO AP DOWN",1=1,Class_Type)

You can add more conditions in the case

---
What goes around comes around. If it helps, hit it with Karma 🙂

renjith_nair · ‎07-17-2020

Yes, there are different ways of doing it and depends on how many values you want to change. If there are only few, you could use simple eval

|eval Class_Type=case(Class_Type="Cisco LWAPP AP Trap","CISCO AP DOWN",1=1,Class_Type)

You can add more conditions in the case

---
What goes around comes around. If it helps, hit it with Karma 🙂

renjith_nair · ‎07-22-2020

Glad it worked. Appreciate an upvote (karma) and you may close the question by accepting as a solution 🙂

---
What goes around comes around. If it helps, hit it with Karma 🙂

Change a value in the output field.