hi
As you can see below, I am doing a stats with the field "process_name"
In order to be more comprenhensive, I am doing a rename of this field with a case function
But in my table, I would like to display this field 2 times : one time with the original name and another time with the name done after the rename
How I can do this please??
| stats values xxxxxx by host process_name
| eval process_name=case(process_name like "mfev%" OR process_name like "mcdatrep" OR process_name=="mcshield")
| rename process_name as "Process name"
| table "Process name"
↧