There are many ways. Easiest may be the Parser function. You could also use the Regex Extract function, or an Eval function with a regex pattern match inside it.

I'd highly recommend you visit sandbox.cribl.io and Cribl University to begin your Cribl journey.

I have used Regex Extract to do this example -

I have a event-

raw: origin=123.123.123.123

host: 233.233.233.233

I want to make those fields host = origin, with the help of regex I extracted both origin and host which function will allow me to do this next.

host = orgin

You can use Rename to rename origin to host, or you can use Eval to set host = origin

Thanks Jon