Splunk search - How to capitalize the first letter of every field column?

uagraw01
Motivator

Hello Splunkers !!

As per the below screenshot, I want to capitalise the first letter of every field column. For this I have tried the above workarounds, which are commented out. Please suggest how I can capitalise the first letter of every field name.

IMG_20220915_195909__01.jpg

0 Karma

VatsalJagani
SplunkTrust

@uagraw01 - In your search, it seems the easiest option to do that is to just write field names the way you want in the stats command itself. Like,

| stats dc(falcon.vul.cve.id) as Vulnerabilities, dc(host.info.id) as Groups .....

 

I hope this helps!!!

uagraw01
Motivator

@VatsalJagani Thank you, Vatsal, for your response.

Just for my knowledge, can you help me with how I can achieve this by using the eval function?

0 Karma

VatsalJagani
SplunkTrust

@uagraw01 - Here is how you can do that without explicitly specifying the field name. It applies to all the present fields.

| foreach * [
| eval field_<<FIELD>> = "<<FIELD>>"
| eval field_<<FIELD>> = upper(substr(field_<<FIELD>>,1,1)).substr(field_<<FIELD>>,2)
| eval {field_<<FIELD>>} = <<FIELD>>
| fields - field_<<FIELD>>, <<FIELD>>]

 

Here is full example:

| makeresults | eval vulnerabilities=10, groups=2
| append [| makeresults | eval vulnerabilities=9, groups=4]
| foreach * [
| eval field_<<FIELD>> = "<<FIELD>>"
| eval field_<<FIELD>> = upper(substr(field_<<FIELD>>,1,1)).substr(field_<<FIELD>>,2)
| eval {field_<<FIELD>>} = <<FIELD>>
| fields - field_<<FIELD>>, <<FIELD>>]

VatsalJagani_0-1663304487485.png

 

I hope this helps!!! Please upvote & accept the answer if it answers your question!!!

uagraw01
Motivator

@VatsalJagani Thanks for your response.

0 Karma

VatsalJagani
SplunkTrust

@uagraw01 - If it answers your question, please mark it as an accepted answer by clicking on "Accept as Solution".

0 Karma

uagraw01
Motivator

Please provide me with any suggestions on the below post.

As per the below example, the first letter should be a capital.

Current: "vulnablities", "groups"

Expectation: "Vulnablities", "Groups"

0 Karma