Solved: How to set empty string or null value for non-matc...

dorilevy · ‎11-02-2014

Hi,

According to the document splunk should use empty string for non-matching lookup by default. Yet, when i set an automatic lookup, i can see it uses the "NONE" string by default.

I need it to be either empty string or null(). I tried setting default (in transforms.conf file) to NULL or null() but it just sets a string with that value.

Here is how my auto-lookup is set:

props.conf:
LOOKUP-check = valid_sc_users user_id

[valid_sc_users]
filename = valid_sc_users.csv
max_matches = 1
min_matches = 1
disabled = 0

Thanks You

dorilevy · ‎11-03-2014

Just found out i can set the min_matches to 0, because the output field does not exists. this way nothing will be added - and that's what i needed.

View solution in original post

dorilevy · ‎11-03-2014

Just found out i can set the min_matches to 0, because the output field does not exists. this way nothing will be added - and that's what i needed.

How to set empty string or null value for non-matched lookup items?

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

How to set empty string or null value for non-matched lookup items?

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...