Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Modify Fields in Splunk search app

misteryuku
Communicator
‎03-27-2012 08:28 PM

For the search app, I want to modify a field called "partner" (new field added when data is sent to Splunk in receivers endpoint) with a value of "Yan Yi" and replace the "partner" field value to
"muktar".

I put in this search command in the search app,
sourcetype = " sexuality" | replace Yan Yi with muktar in partner

The search app threw an error :
[EventsViewer module] Error in 'replace' command : Usage replace[orig_str WITH new_str] + [IN field1,field2,..]

What is the issue with this? Is there any way i could correact the syntax of the search command??

Tags (3)
0 Karma
Reply

Ayn
Legend
‎03-27-2012 09:50 PM

You need to enclose "Yan Yi" in quotes.

0 Karma
Reply
Get Updates on the Splunk Community!

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...