Splunk Search

Need to rename just one header

infra2sec
Path Finder

Hi,

I need to be able to change the _time column header to something else instead of just saying _time (I guess that you call it field?)
I have been trying to change it, but when I do I end up with missing data below the _time header or it reverts to a timestamp that isn't useable to the average human
.
I know that you all might want to alter the existing search, but I am not permitted to change the search very much at all for reasons beyond the scope of this post.

Here is what I have:

somecoolmacro sourcetype="123_blabla" | rex field=source "someplace\(?[\w\s-]*)" | dedup temp | table temp _time | rename temp as "Date of what I need to know" | fieldformat _time = strftime(_time, "%b %d, %Y")

Thanks in advance!!

P.S. The first part of the search was intended to be accent grave then somecoolmacro then accent grave

I am not sure why it did that.

Tags (1)
0 Karma
1 Solution

AlexeyNL
Explorer

Do you satisfy with solution from here https://answers.splunk.com/answers/1275/renaming-time-field-causes-an-unwanted-result.html?

| eval my_time=_time | convert timeformat="%Y-%m-%d" ctime(my_time)

View solution in original post

infra2sec
Path Finder

Playing around with it, but it is giving me an extra column and slings an unwanted date column like before.

0 Karma

AlexeyNL
Explorer

Do you satisfy with solution from here https://answers.splunk.com/answers/1275/renaming-time-field-causes-an-unwanted-result.html?

| eval my_time=_time | convert timeformat="%Y-%m-%d" ctime(my_time)
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...