Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to rename field names using lookups and regex?

shikhanshu
Path Finder
‎09-25-2014 07:38 AM

I wish to rename fields. But not as straightforward as:

rename prefix_* as *

For a field name "prefix_some_field_name", I want to rename as "Some Field Name". This needs regex substitution

For a field name "prefix_sm_shrthnd_txt", I want to rename as "Some Shorthand Text", ofcourse I will define the lookup of "sm_shrthnd_txt" to "Some Shorthand Text", but where? And how do I use that lookup in rename operation?

I have used lookups and regex in field value manipuation, but not field names! Any ideas?

Reply

ulrich_track
Path Finder
‎09-25-2014 07:48 AM

Would it be sufficient for you, if you used the rename command in your search?

E.g. rename prefix_sm_shrthnd_txt AS "Some Shorthand Text"

Unfortunately, this would mean that you would have to rename your complete list in the search field and not use a lookup (depends on the number of entries, you would have here)

0 Karma
Reply

shikhanshu
Path Finder
‎09-25-2014 07:54 AM

That was my first thought as well. But I have way too many fields to do this manually in each report.

Is there documentation on how to define and use lookups for field renaming? I tried finding in Splunk Docs but couldn't get anywhere. And also regex renaming (like replace _ with space, make first letter capital for each word etc.)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...