Re: Comparing with NULL

pm771 · ‎09-24-2020

Do I understand correctly that NULL is neither equal (==) nor not equal (!=) to any value?

I know about isnull() function, but was under (apparently wrong) impression that NULL is not equal to everything else.

Illustration:

| makeresults
| eval N=null
| eval i1=if(isnull(N), "N", "Y")
| eval i2=if(N != "Y", "N", "Y")

Result:

i1	i2
N	Y

Is it fully documented?

pm771 · ‎09-24-2020

What I meant was:

| makeresults
| eval i1=if(null==null, "true", "false")
| eval i2=if(null!=null, "true", "false")

The return will be false and false.

inventsekar · ‎09-24-2020

soo, i thought to test this with integer and string..

| makeresults
| eval N="3"
| eval i1=if(N==3, "N", "Y")
| eval i2=if(N != "3", "N", "Y")

i1=N and i2=Y

| makeresults
| eval N=3
| eval i1=if(N==3, "N", "Y")
| eval i2=if(N != "3", "N", "Y")

also produced the above result.

(PS - i have given around 350+ karma points so far, received badge for that,.. maybe you also should start "Learn, Give Back, Have Fun")

Comparing with NULL

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Join the Conversation