Splunk Search

How do I rename column name with javascript?


I have a search with generate dynamic the column name with pattern "Month - Year" eg. "October - 2018" "November - 2018" "December - 2018". However, splunk orders the column by alphabet. So, I have an idea to convert them to unix time and then convert the column name back with javascript. How do I rename column name with javascript?

Tags (1)
0 Karma
1 Solution


Hey There,

My suggestions are rooted from core Splunk functionality first rather than adding it externally.

First thing you can try is adding some functionality in your search that orders the values accordingly. Using commands like eval may help with adding logic and the flexibility to output your desired field name/ values. Here is a simple example using date_wday that you could use for your Month - Year values (To test, I looked at the Previous Week using the Time Range Picker in my local dev instance):

| stats count by date_wday 
| eval week_day = case(date_wday="sunday","0",date_wday="monday", "1", date_wday="tuesday", "2", date_wday="wednesday", "3", date_wday="thursday", "4", date_wday="friday", "5", date_wday="saturday", "6")
| sort week_day
| fields date_wday'

Another option might be to use a lookup file in your search to output field name/ values you want. The first column header would be the original field name with its list of values, and the second header would be your output field.

Let me know if this is heading towards the right direction or not we'll go from there. When in doubt I recommend using Splunk first before JS, etc.


Get Updates on the Splunk Community!

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through: An introduction to the Splunk Threat ...