I have a query like this
sourcetype="beta" index="alpha" | table fieldA, fieldB, fieldC
how do I rename fields fieldA to A, fieldB to B and fieldC to C
These fields are strings AND numbers (not sure how I would use stats or table)
you can use the rename command .... | rename fieldA AS newname, fieldB AS b | table newname, b
View solution in original post
Perhaps more elegant (and practical for many fields) to do:
| rename field* AS *
Thank you, this is very useful!
Hey, fellow Splunkers,
When I actually attempted to conduct multiple rename fields using that method, I receive the following error: rename [old_name AS/TO/-> new_name]+
Can you post the search it should be like:
| rename user_name AS user, src AS "IP Address", host AS "Server Name"
hope that helps...
Agreed, I just changed it.
While the above works, you are probably better expanding rename command instead of piping to rename for every field you want renamed.
eg. | rename fieldA AS newnameA, fieldB AS newnameB, fieldC AS newnameC instead of: | rename fieldA AS newnameA |rename fieldB AS newnameB |rename fieldC AS newnameC
yup.. thanks a bunch
