This function renames one or more fields.
| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
as | string | optional[a] | The new name of the field; it is used when a single field name is given in field. | |
field[b] | string or array | required | The field to rename, if a new field name is given in as. From v1.106.0, multiple fields can be given using an array of old/new field name pairs: [oldName,newName]. | |
[a] Optional parameters use their default value unless explicitly set. | ||||
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
fieldcan be omitted; the following forms of this function are equivalent:logscalerename("field")and:
logscalerename(field="field")These examples show basic structure only.
Old fields are are removed from the event stream which can add overhead during processing. Copying to a new field using:
newfield := oldfieldIs more efficient, but retains the old field in the event set.
rename() Examples
To rename just one field use the as parameter;
for example, rename field
BadName to
GoodName:
rename(field=BadName, as=GoodName)Or you can rename BadName to GoodName using assignment syntax:
GoodName := rename(BadName)To rename multiple fields use the array form:
rename(field=[[fromBadName1, toGoodName1], [fromBadName2, toGoodName2]])
Or, since field is the unnamed parameter:
rename([[fromBadName1, toGoodName1], [fromBadName2, toBadName2]])
If field is given as a list of pairs, the
function can be given any number of fields to rename.