Splunk Search

How to rename multiple field names with certain criteria

HattrickNZ
Motivator

How do I replace the MB in each field name with GB?

    _time               XXX-XX-MB           XXX-XXX-MB          XXXXXXMB_XX_XXX
1   2017-07-30 11:00    1391.67548628852    1381.60821617188    1274.532780647
2   2017-07-30 12:00    1509.29349191985    1503.65362613860    1373.894662857

So my result would look like this:

    _time               XXX-XX-GB           XXX-XXX-GB          XXXXXXGB_XX_XXX
1   2017-07-30 11:00    1391.67548628852    1381.60821617188    1274.532780647
2   2017-07-30 12:00    1509.29349191985    1503.65362613860    1373.894662857

I can already change all the field values with this command, and was thinking I could do something similar with the field names:

| foreach * [eval <<FIELD>>='<<FIELD>>'/1024]

HiroshiSatoh
Champion

Try this!

(your search) | rename *_mb* as *_gb* | foreach *_gb* [eval <<FIELD>>='<<FIELD>>'/1024]