Re: Comparing with NULL

pm771 · ‎09-24-2020

Do I understand correctly that NULL is neither equal (==) nor not equal (!=) to any value?

I know about isnull() function, but was under (apparently wrong) impression that NULL is not equal to everything else.

Illustration:

| makeresults
| eval N=null
| eval i1=if(isnull(N), "N", "Y")
| eval i2=if(N != "Y", "N", "Y")

Result:

i1	i2
N	Y

Is it fully documented?

pm771 · ‎09-24-2020

What I meant was:

| makeresults
| eval i1=if(null==null, "true", "false")
| eval i2=if(null!=null, "true", "false")

The return will be false and false.

inventsekar · ‎09-24-2020

soo, i thought to test this with integer and string..

| makeresults
| eval N="3"
| eval i1=if(N==3, "N", "Y")
| eval i2=if(N != "3", "N", "Y")

i1=N and i2=Y

| makeresults
| eval N=3
| eval i1=if(N==3, "N", "Y")
| eval i2=if(N != "3", "N", "Y")

also produced the above result.

(PS - i have given around 350+ karma points so far, received badge for that,.. maybe you also should start "Learn, Give Back, Have Fun")

Comparing with NULL

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation