Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to rename column values when making a chart

sakeebhossain
Explorer
‎04-28-2017 07:12 AM

I have a table which has a store_id, a shopper_id. For example (1, 5231). Each store_id corresponds to a the store name, i.e. For store_id, 1 refers to Walmart, 2 refers to Whole Food and 3 refers to Costco.

If I want to see how many shoppers each store has. If I do the query

source=SHOPER_AUDIT | top store_id

then I get what I want. However, the Y-axis store has store_id as 1,2 or 3. I want to rename them to Walmart, Whole Foods and Costco, respectively. Is it possible to do this?

Reply

HeinzWaescher
Motivator
‎04-28-2017 07:47 AM

Try to add this at the end of your search

| replace 1 WITH "Walmart" , 2 WITH "WholeFood" , 2 WITH "Costco" IN store_id
Reply

bcdady
Explorer
‎07-26-2019 11:41 AM

Thanks for this reminder @HeinzWaescher. I'm working on a search/report, in which I already use replace with a wildcard to remove some redundant / superfluous text, but I hadn't yet used it like this.
This is just what I needed to improve my timechart!

0 Karma
Reply

adonio
Ultra Champion
‎04-28-2017 07:20 AM

use a lookup table? create a basic lookup that looks like this
store_id, store_name
1,walmart
2,costco
3,blah
read this docs here and follow through
http://docs.splunk.com/Documentation/Splunk/6.5.3/Knowledge/Addfieldsfromexternaldatasources

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...