Splunk AppDynamics
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

ADQL showing null rows even when IS NOT NULL is applied

Kenny_Heaton
Engager
‎09-22-2020 08:16 AM

I have an ADQL that is trying to count the number of times a Customer is viewed. I have a data collector to add this data to Transactions.

Here is the query:

SELECT segments.userData.CustomerName, segments.userData.CustomerNumber, segments.userData.Agreement, count(segments.userData.CustomerName) FROM transactions WHERE application = "TruckCare-CustomerProfile" AND segments.userData.CustomerName IS NOT NULL

But even with the WHERE clause 'CustomerName IS NOT NULL' There is still a line showing up with all nulls. I know there are Transactions that don't have CustomerName, CustomerNumber, or Agreement on them but I am expecting the 'IS NOT NULL' to filter those out.

 
 

image.png

Any help much appreciated

Thanks

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Morelz
Motivator
‎09-22-2020 08:32 AM

Hi there

You need to explicitly set the data types per field for this not to occur:)

I just used string for all your fields in your query, however if some are Integers etc., you can update it accordingly

SELECT toString(segments.userData.CustomerName), toString(segments.userData.CustomerNumber), toString(segments.userData.Agreement), count(segments.userData.CustomerName) FROM transactions WHERE toString(application) = "TruckCare-CustomerProfile" AND toString(segments.userData.CustomerName) IS NOT NULL

View solution in original post

Reply
Solved! Jump to solution
Solution

Morelz
Motivator
‎09-22-2020 08:32 AM

Hi there

You need to explicitly set the data types per field for this not to occur:)

I just used string for all your fields in your query, however if some are Integers etc., you can update it accordingly

SELECT toString(segments.userData.CustomerName), toString(segments.userData.CustomerNumber), toString(segments.userData.Agreement), count(segments.userData.CustomerName) FROM transactions WHERE toString(application) = "TruckCare-CustomerProfile" AND toString(segments.userData.CustomerName) IS NOT NULL

Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...