The SPL you shared shows the rename after you attempt to coalesce():
base search
| eval test=coalesce(field1,field2)
| rename "space field 1" AS field1, "space field 2" AS field2
| table field1 field2 test
Pretty sure what you want is this:
base search
| rename "space field 1" AS field1, "space field 2" AS field2
| eval test=coalesce(field1,field2)
| table field1 field2 test
from User warren – Stack Overflow https://stackoverflow.com/questions/76102751/splunk-coalesce-function/76103449#76103449
via IFTTT