Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Rename columns

deanamite91
Explorer
‎09-23-2015 08:00 AM

I have the following search string

index="commercial_performance" "Efficiency Variance *" OR "Intervention Variance *" OR "Entitlement Variance *" | stats sum(Value) AS "Total" by Cat1 | addcoltotals labelfield=Cat1 label="Total (£)"

On my graph the Efficiency Entitlement and Intervention Variance columns say 'Efficiency Variance (\xA3)' when I want them to say 'Efficiency Variance (£)'.

I have tried renaming them but no luck.

Tags (2)
0 Karma
Reply

gcato
Contributor
‎09-23-2015 02:21 PM

Hi deanamite91,

Just use the "rename" command to rename your column headers.

... | rename "Efficiency Variance (xA3)" AS "Efficiency Variance (£)" ...<and so on>...
0 Karma
Reply

deanamite91
Explorer
‎09-24-2015 01:06 AM

I've tried using rename and it doesn't work.

0 Karma
Reply

deanamite91
Explorer
‎09-24-2015 01:38 AM

The field is Cat1 and the values within it are Efficiency Variance (\xA3), Intervention Variance (\xA3) and Entitlement Variance (\xA3)

0 Karma
Reply

gcato
Contributor
‎09-24-2015 03:08 PM

I suggest either the sed or the replace() commands. For example,

... | rex mode=sed "s/xA3/£/g"

OR

  ... | eval Cat1 = replace(Cat1, "xA3", "£")
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...