Splunk equivalent queries in Sumo

Follow

Shivaraj Mulamani

• January 24, 2022 07:21

Hi there,
Please help me finding the Splunk query equivalent function in Sumo.

What is the equivalent query function in Sumo for below functions?

 

earliest

coalesce

 

0

• 

  Eli Jang

  • July 14, 2022 12:15

  1. earliest
  you have to use Time Range icon in Sumo UI.
  https://help.sumologic.com/05Search/Get-Started-with-Search/Search-Basics/Time-Range-Expressions

  2. coalese
  you can rename all fields like below 
  | ip_address as ip
  | src_ip as ip
  | dest_ip as ip
  
  

  0

  Comment actions Permalink

Please sign in to leave a comment.