Solved: Re: How do I rename the values in the following f...

moizmmz · ‎10-25-2018

https://drive.google.com/file/d/13tgNyaelfyPwxIvgAOA1Gn1hI628dGB2/view?usp=sharing[link text]1

I want to rename the T1FCC as Tier 1, T2FCHAC as Tier 2, T3FCCB as Tier 3, T4FCBW as Tier 4M, T4FCPW as Tier 4F.

Need it immediately, pls help!!

somesoni2 · ‎10-25-2018

You can use case statement to do so.

your current search which ends with "| stats count by evPromoId"
| eval evPromoId=case(evPromoId="T1FCC","Tier1",evPromoId="T2FCHAC","Tier 2", evPromoId="T3FCCB", "Tier 3", evPromoId="T4FCBW" , "Tier 4M", evPromoId="T4FCPW" ,"Tier 4F", true(),evPromoId)

View solution in original post

somesoni2 · ‎10-25-2018

You can use case statement to do so.

your current search which ends with "| stats count by evPromoId"
| eval evPromoId=case(evPromoId="T1FCC","Tier1",evPromoId="T2FCHAC","Tier 2", evPromoId="T3FCCB", "Tier 3", evPromoId="T4FCBW" , "Tier 4M", evPromoId="T4FCPW" ,"Tier 4F", true(),evPromoId)

moizmmz · ‎10-25-2018

Thank you!

How do I rename the values in the following field?

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Are you a member of the Splunk Community?

How do I rename the values in the following field?

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025