Antony Bowesman

  • Total activity 4
  • Following 0 users
  • Followed by 0 users
  • Votes 0
  • Subscriptions 2

Activity overview

Latest activity by Antony Bowesman
  • Antony Bowesman created a post,

    Sumo's equivalent of Splunk eventstats?

    Is there a way to achieve different aggregations with different split by clauses without losing fields? In Splunk you would do this with eventstats rather than stats. For example, if I want to find...

  • Antony Bowesman created a post,

    Splunk's | rex mode=sed equivalent in Sumo

    I have numerous fields that contain poorly defined data. With Splunk I would typically just do something like | rex field=x mode=sed "s/\d{2,}/ID/g" to change all 2+ digits in a field to the text '...