Re: Rename columns

deanamite91 · ‎09-23-2015

I have the following search string

index="commercial_performance" "Efficiency Variance *" OR "Intervention Variance *" OR "Entitlement Variance *" | stats sum(Value) AS "Total" by Cat1 | addcoltotals labelfield=Cat1 label="Total (£)"

On my graph the Efficiency Entitlement and Intervention Variance columns say 'Efficiency Variance (\xA3)' when I want them to say 'Efficiency Variance (£)'.

I have tried renaming them but no luck.

gcato · ‎09-23-2015

Hi deanamite91,

Just use the "rename" command to rename your column headers.

... | rename "Efficiency Variance (xA3)" AS "Efficiency Variance (£)" ...<and so on>...

deanamite91 · ‎09-24-2015

I've tried using rename and it doesn't work.

deanamite91 · ‎09-24-2015

The field is Cat1 and the values within it are Efficiency Variance (\xA3), Intervention Variance (\xA3) and Entitlement Variance (\xA3)

gcato · ‎09-24-2015

I suggest either the sed or the replace() commands. For example,

... | rex mode=sed "s/xA3/£/g"

OR

  ... | eval Cat1 = replace(Cat1, "xA3", "£")

Rename columns

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation