Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Modify Fields in Splunk search app

misteryuku
Communicator
‎03-27-2012 08:28 PM

For the search app, I want to modify a field called "partner" (new field added when data is sent to Splunk in receivers endpoint) with a value of "Yan Yi" and replace the "partner" field value to
"muktar".

I put in this search command in the search app,
sourcetype = " sexuality" | replace Yan Yi with muktar in partner

The search app threw an error :
[EventsViewer module] Error in 'replace' command : Usage replace[orig_str WITH new_str] + [IN field1,field2,..]

What is the issue with this? Is there any way i could correact the syntax of the search command??

Tags (3)
0 Karma
Reply

Ayn
Legend
‎03-27-2012 09:50 PM

You need to enclose "Yan Yi" in quotes.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...