rename
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
rename
Synopsis
Renames a specified field (wildcards can be used to specify multiple fields).
Syntax
rename wc-field AS wc-field
Arguments
- wc-field
- Syntax: <string>
- Description: The name of a field and the name to replace it. Can be wildcarded.
Description
Renames a field. If both the source and destination fields are wildcard expressions with he same number of wildcards, the renaming will carry over the wildcarded portions to the destination expression.
Examples
Example 1: Rename the "_ip" field as "IPAddress".
... | rename _ip as IPAddressExample 2: Rename fields beginning with "foo".
... | rename foo* as bar*Example 3: Rename the "count" field.
... | rename count as "Count of Events"See also
This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.