rename command examples
The following are examples for using the SPL2
To learn more about the
rename command, see How the rename command works.
The AS keyword is displayed in uppercase in the syntax and examples to make the syntax easier to read. You can specify the AS keyword in uppercase or lowercase in your searches.
1. Rename one field
usr field to
...| rename usr AS username
2. Rename a field with special characters
ip-add field to
IPAddress. Field names that contain anything other than a-z, A-Z, 0-9, or "_", need single-quotation marks.
... | rename 'ip-add' AS IPAddress
3. Specify multiple fields to rename
Use a comma-separated list of renames that you want to perform. This example renames
department. Renames are processed in the order that you specify, left to right.
...| rename usr AS username, dpt AS department
4. Rename multiple similarly named fields using wildcards
This example renames any field that starts with
u to start with
user. Because wildcard characters are used, the field names must be enclosed in single quotation marks.
...| rename 'u*' AS 'user*'
5. Rename a field with a phrase
This example renames a field with a string phrase. Because the phrase includes spaces, the field name must be enclosed in single quotation marks.
... | rename count AS 'Count of Events'
rename command usage
reverse command overview
This documentation applies to the following versions of Splunk® Cloud Services: current