Solved: Dynamically change field name labels

cmak · ‎01-15-2013

I have many fields that end with the regular expression _rate.
Ex:
Compile_rate
Typing_rate

I can get all my rates with this query
index="a" |stats dc() as * |transpose | regex column=^._rate.*$ |

However, I would like to rename these results in a new column, with the '_rate' removed.
So i would like to have Compile, Typing etc

How can I do this?

martin_mueller · ‎01-16-2013

You're looking for this:

... | rename *_rate as *

martin_mueller · ‎01-16-2013

You're looking for this:

... | rename *_rate as *

cmak · ‎02-12-2013

Yup, that works. Sorry, I realized I was not changing my table fields. Quite silly 😞

martin_mueller · ‎02-12-2013

This works for me:

... | rename *_rate as "* rate"

Here's a full example:

| gentimes start=-1 increment=5m | eval foo_rate = 1 | eval bar_rate = 2 | rename *_rate as "* rate"

cmak · ‎02-12-2013

What if I wanted to do something like
rename Compile_rate as "Compile rate"

rename rate as " rate"
does not yield me any results

cmak · ‎01-16-2013

Great, this worked 🙂

Dynamically change field name labels