Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How do I implement multiple rename commands based ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do I implement multiple rename commands based on user input
actionabledata
Path Finder
07-24-2021
07:49 PM
I have a single algorithm with 2 methods. Each method produces the same type of data but with different fields names to keep them separated. The dashboard charts depend on which method the user selects in a menu.
Essentially I create interim results for both methods but desire to change the names to the field names used in the subsequent code.
[Q] What is a more efficient method of performing the "Big Switch" in the run anywhere code below?
| makeresults 5
| rename comment AS "-----------------------------------------------------------------"
| rename comment AS "User Menu Selection"
| eval switch="A"
| rename comment AS "-----------------------------------------------------------------"
| rename comment AS "Algorithm element2"
| eval calcMethod1_field1="1"
| eval calcMethod1_field2=2
| eval calcMethod1_field3=3
| eval calcMethod1_field4=4
| eval calcMethod1_field5=5
| rename comment AS "-----------------------------------------------------------------"
| rename comment AS "Algorithm element2"
| eval calcMethod2_field1="1sub"
| eval calcMethod2_field2="2sub"
| eval calcMethod2_field3="3sub"
| eval calcMethod2_field4="4sub"
| eval calcMethod2_field5="5sub"
| rename comment AS "-----------------------------------------------------------------"
| rename comment AS " Big Switch "
| rename comment AS "-----------------------------------------------------------------"
| rename comment AS "This is the big switch before entering a stats command"
| rename comment AS "Intent is to rename several fields depending on switch value"
| eval fieldnameforstats_field1=case(switch=="A",calcMethod1_field1,switch=="B",calcMethod2_field1)
| eval fieldnameforstats_field2=case(switch=="A",calcMethod1_field2,switch=="B",calcMethod2_field2)
| eval fieldnameforstats_field3=case(switch=="A",calcMethod1_field3,switch=="B",calcMethod2_field3)
| eval fieldnameforstats_field4=case(switch=="A",calcMethod1_field4,switch=="B",calcMethod2_field4)
| eval fieldnameforstats_field5=case(switch=="A",calcMethod1_field5,switch=="B",calcMethod2_field5)
| fields - _time
| table fieldnameforstats_field*
Get Updates on the Splunk Community!
Application management with Targeted Application Install for Victoria Experience
Experience a new era of flexibility in managing your Splunk Cloud Platform apps! With Targeted Application ...
Index This | What goes up and never comes down?
January 2026 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination
The Power of Two: Splunk + Cisco at "Ludicrous Scale"
You know Splunk. You know Cisco. But have you seen ...
