Splunk Search

rename & replace

Path Finder

Hello,

I'm new with SPL and Splunk, I have a folder that has 3 files, in the first file I have a column called Vblock, in the other two is called vCenter. I want to rename vCenter by Vblock in both files and then I want to replace the Vblock values as follows: when I have Vbc1 I replace it with Vblock1, when I have Vbc2 I replace it with Vblock 2, as I can do that?
I made this request |rename vCenter as Vblock |replace "vbc1" with "Vblock1", "vbc2" with "Vblock2" in Vblock but they do not replace the values of Vblock or I may not know how to check.

Thanks for your help.

Tags (2)
0 Karma

Esteemed Legend

The rename command changes the field name whereas replace changes the field value so you have that part right. You just need some wildcards:

 |rename vCenter as Vblock |replace "*vbc1*" with "*Vblock1*", "*vbc2*" with "*Vblock2*" in Vblock
0 Karma

Path Finder

what is the role of the order coalesce

0 Karma

Champion

Hi,

You can do something like below,

| eval newfield=colesce(Vblock,vCenter)
| eval newfield=Case(newfield="Vbc1","vblock1",newfield="vbc2","vblock2")
————————————
If this helps, give a like below.
0 Karma

Path Finder

What does the coalesce command mean in this Splunk search?

0 Karma