I have this splunk search:
host=app-dev-001 terminating | convert timeformat="%Y-%m-%d" ctime(_time) AS date | sort term_user | rename term_user AS 'Terminated User'
When I run it I get this error:
Error in 'rename' command: Usage: rename [old_name AS/TO/-> new_name]+.
This search works:
host=app-dev-001 terminating | convert timeformat="%Y-%m-%d" ctime(_time) AS date | sort term_user | table term_user
I get results that look like:
1 Solution
