We have data which can display a computer's serial number. The data is a little odd and we have to extract the serial number using 1 rex and 1 is done automatically. This creates 2 fields serialnumber1 & serialnumber2 .

I've tried to create an alias called serialnumber, but I've run into problems.

Applies to sourcetype = imap
Field aliases >  serialnumber1 =serialnumber
Field aliases >  serialnumber2 =serialnumber

The problem is that when both fields are populated, serialnumber is populated

1. When serialnumber1 is NULL and serialnumber2 is populated, "serialnumber" is populated
2. When serialnumber1 is populated and serialnumber2 is NULL,"serialnumber" IS NOT POPULATED
3. When Both serialnumber1 & serialnumber2 are populated, "serialnumber" is populated

Why is this case that when search result 2. above is true the aliases fail.