How do you rename rows using a CSV file?

bogdan_nicolesc · ‎10-17-2018

Hi there,

I need a way to rename rows using a file list (csv file or other file type) from a search job / dashboard.

Thank you,
Bogdan.

valiquet · ‎10-28-2018

|inputlookup mycsv | eval myrow=myoldname | fields - myoldname | outputlookup mycsv

iamarkaprabha · ‎10-28-2018

I completely agree with valiquet

bogdan_nicolesc · ‎10-29-2018

Hi valiquet,

I don't think this will gonna work because is a long list of process names and i want to rename name of the process from field .... if this make's any sense ...

I have something like this:

ProcessName Count of timestamp
c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe 2
c:\program files (x86)\google\chrome\application\chrome.exe 1106273
c:\program files (x86)\google\update\googleupdate.exe 54

And i would like to have it like this:

ProcessName Count of timestamp
adobearm.exe 2
chrome.exe 1106273
googleupdate.exe 54

But also to be in live search in the dashboard.

First thought was to use a csv file because is easier to manage, but i think i could also go even deeper and edit index (?) or other file where i could find how is setting the process name (?)

Thnx.

How do you rename rows using a CSV file?

See just what you’ve been missing | Observability tracks at Splunk University

Weezer at .conf25? Say it ain’t so!

How SC4S Makes Suricata Logs Ingestion Simple

Are you a member of the Splunk Community?

How do you rename rows using a CSV file?

See just what you’ve been missing | Observability tracks at Splunk University

Weezer at .conf25? Say it ain’t so!

How SC4S Makes Suricata Logs Ingestion Simple