rename
import { Tabs, TabItem, Aside } from ‘@astrojs/starlight/components’;
The rename command renames one or more fields in your search results. It is especially useful for simplifying the long, dot-delimited attribute names common in OpenTelemetry data (e.g., resource.attributes.service.name) into shorter, readable aliases.
Syntax
Section titled “Syntax”rename <source-field> AS <target-field> [, <source-field> AS <target-field>]...Arguments
Section titled “Arguments”| Parameter | Required | Description |
|---|---|---|
<source-field> | Yes | The current field name. Supports wildcard patterns using *. |
<target-field> | Yes | The new name for the field. Must contain the same number of wildcards as the source. |
Usage notes
Section titled “Usage notes”- Multiple renames can be specified in a single command, separated by commas.
- Wildcard patterns (
*) match any sequence of characters. Both the source and target must have the same number of wildcards. For example,*NamematchesserviceNameandtraceGroupName, and renaming to*_nameproducesservice_nameandtraceGroup_name. - Renaming to an existing field removes the original target field and replaces it with the source field’s values.
- Renaming a non-existent field to an existing field removes the target field from results.
- Renaming a non-existent field to a non-existent field has no effect.
- The
renamecommand executes on the coordinating node and is not pushed down to the query DSL. - Literal
*characters in field names cannot be escaped — the asterisk is always treated as a wildcard.
Examples
Section titled “Examples”Rename a single field
Section titled “Rename a single field”source = otel-v1-apm-span-*| rename serviceName as service| head 20Rename multiple fields
Section titled “Rename multiple fields”source = otel-v1-apm-span-*| rename serviceName as service, durationInNanos as duration_ns| head 20Rename with wildcards
Section titled “Rename with wildcards”Match all fields ending in Name and replace with _name:
source = otel-v1-apm-service-map-*| rename *Name as *_name| head 20Multiple wildcard patterns
Section titled “Multiple wildcard patterns”Combine several wildcard renames in one command:
source = otel-v1-apm-span-*| rename *Name as *_name, *Id as *_id| head 20Rename an existing field to another existing field
Section titled “Rename an existing field to another existing field”The target field is replaced by the source field’s values:
source = otel-v1-apm-span-*| rename serviceName as name| head 20The name column now contains the original serviceName values.
Extended examples
Section titled “Extended examples”Simplify OTel attribute names for log analysis
Section titled “Simplify OTel attribute names for log analysis”OpenTelemetry log fields have long, dot-delimited names. Rename them for readability before analysis:
source = logs-otel-v1*| rename `resource.attributes.service.name` as service, `resource.attributes.telemetry.sdk.language` as language, `resource.attributes.host.name` as host| where severityText = 'ERROR'| stats count() as errors by service, language, host| sort - errorsRename span fields for dashboard readability
Section titled “Rename span fields for dashboard readability”Shorten trace span attribute names for cleaner output in dashboards:
source = otel-v1-apm-span-*| rename serviceName as service, durationInNanos as duration_ns| eval duration_ms = duration_ns / 1000000| sort - duration_ms| head 20See also
Section titled “See also”- fields - select or exclude fields
- eval - create computed fields
- Command Reference - all PPL commands