Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

rename field with *

secure
Path Finder
‎01-29-2025 01:16 PM

Hi 

i have a field with name 

server_*_count. the * is coming from an input dropdown ALL where value is * 

how can i rename it to server_ALL_count

|rename server_*_count as server_ALL_count

its giving me an error cannot be renamed because of asterix (wildcard)

Labels (1)
Labels
Tags (1)
0 Karma
Reply

secure
Path Finder
‎01-29-2025 01:35 PM

@bowesmana 

here is the dropdown ALL value = * 

secure_0-1738186419172.png

in the query 

secure_2-1738186509556.png

so when selected all it comes as server_*_count

 

 

 

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎01-29-2025 07:46 PM

Like @bowesmana says

but do you really need the $env$ in the field name?

Wouldn't 

| stats dc(hostname) by host_environment

make more sense in a dashboard? 

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎01-29-2025 01:43 PM

OK, so it's getting created in the stats command. So don't use that technique. Do something like

| stats dc(hostname) as server_count
| eval n=if($env|s$="*", "ALL", $env|s$)
| eval server_{n}_count=server_count
| fields - server_count

but do you really need the $env$ in the field name? Is this dashboard studio - you can probably assign an additional token $env_name$ based on the selected NAME of the environment rather than the token value. I'm not familiar enough with DS to say how to do this, but you can then use $env$ as the search constraint and $env_name$ as the server name.

0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎01-29-2025 01:29 PM

You can't rename it like that - how does that field exist? Is it actually in the data or is it created somehow.

Can you post the dropdown where that field is created?

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...