Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Combine fields into new field without NULL

arrowecssupport
Communicator
‎06-23-2016 08:51 AM

From our data we end up with 2 different fields v7serial & v8serial. I want to be able to feed this into a single serial v78serial.

Example of data
v7serial
987654321

v8serial
123456789

v78serial
123456789
987654321

I am trying

| eval v78serial= toString(v8serial) + ";" + toString(v7serial)
| makemv delim=";" allserials
| mvexpand v78serial | table v78serial

The problem is when i display this data or try to use this field i get "123456789;null" this is because the data has either a v7 or v8 serial never both. So where one field is Null then don't add it to the new field.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎06-23-2016 09:01 AM

Try like this

your base search | eval v78serial=coalesce(v8serial,v7serial,"")  | table v78serial

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎06-23-2016 09:01 AM

Try like this

your base search | eval v78serial=coalesce(v8serial,v7serial,"")  | table v78serial
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...