Versions Compared

Old Version 2

changes.mady.by.user Omry Koschitzky

Saved on

compared with

New Version 3

changes.mady.by.user Omry Koschitzky

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Changes the display name and/or format of specified columns.

...

Required Arguments

RESULT_COLUMN_NAME

Syntax: <character string>

Description: The name of the column header in the resulting events whose name and/or format you want to change.

Optional Arguments

NEW _COLUMN_NAMEformat

Syntax: <character string>

Description: The new name of the column header that has IP address values

Optional Arguments

None.

[ ]

Syntax: <character string>

Description: The new format of the column header values. This can be any of the following formats:

  • number  –  format the text in the column to number format : (“#.##”) – the decimal format of the number
  • simple – display columns in different format : (“column.name1 – column.name2”) – replace the columns with the values from the result
  • time – display the value in a time format way: (“[OUTPUT_UNIT]”) , (“[INPUT_UNIT] “,“[OUTPUT_UNIT]”) – display the column in output format and use input unit In case it is different from milliseconds.
    Time units: [microsec,ms,sec,min,hour,day]
  • date – display the value in day format: (“[SIMPLE DATE FORMAT]”) – change the date format
  • volume – display the value in the volume format way: (“[OUTPUT_UNIT]”) , (“[INPUT_UNIT] “,“[OUTPUT_UNIT]”) – display the column in output format and use input unit in case it is different from bytes.
    Volume units: [B,KB,MB,GB]
  • regexp – use regexp to extract values from the data: (“[REGEXP]”) – display the first group that is found from the regular expression
  • expression – use the expression to make a calculation on a column result: (“[EXPRESSION]”) – use an expression to calculate different result value

Description

For each event that has the specified IP_address_column_name with an IP address value, extracts the city name from the IP address, using the hostip.info databasespecified column name, does the following, as specified:

  • Changes the column name to the new column name,
  • Changes the format of the column name to the specified format.

Several columns can be changed, by placing them in a comma-separated list.

Examples

Example 1:  

* log.access | display Column_X as Column_Y

 In log access events, change the display name of Column_X to Column_Y.

Example 2:  

* log.

...

access | display Volume_Interval_Column in volume format ("Output_Unit") 

 Assumes that the value in Volume_Interval_Column is in bytes, and displays it in Output_Unit format. Optional volume units are B, KB, MB, and GB