Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to rename field names using lookups and regex?

shikhanshu
Path Finder
‎09-25-2014 07:38 AM

I wish to rename fields. But not as straightforward as:

rename prefix_* as *

For a field name "prefix_some_field_name", I want to rename as "Some Field Name". This needs regex substitution

For a field name "prefix_sm_shrthnd_txt", I want to rename as "Some Shorthand Text", ofcourse I will define the lookup of "sm_shrthnd_txt" to "Some Shorthand Text", but where? And how do I use that lookup in rename operation?

I have used lookups and regex in field value manipuation, but not field names! Any ideas?

Reply

ulrich_track
Path Finder
‎09-25-2014 07:48 AM

Would it be sufficient for you, if you used the rename command in your search?

E.g. rename prefix_sm_shrthnd_txt AS "Some Shorthand Text"

Unfortunately, this would mean that you would have to rename your complete list in the search field and not use a lookup (depends on the number of entries, you would have here)

0 Karma
Reply

shikhanshu
Path Finder
‎09-25-2014 07:54 AM

That was my first thought as well. But I have way too many fields to do this manually in each report.

Is there documentation on how to define and use lookups for field renaming? I tried finding in Splunk Docs but couldn't get anywhere. And also regex renaming (like replace _ with space, make first letter capital for each word etc.)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top