Solved: Fulfill empty table entries

zugji · ‎04-28-2013

Is there a way I can fulfill empty tables.
name="*" | chart count by name,severity | rename 1 as alert, 2 as critical, 3 as error, 4 as warn, 5 as notice, 6 as info | table name,alert,critical,error,warn,notice,info | sort - alert,critical,error,warn,notice,info | head 20

This gives a table back with empty fields. Is there a way I can fulfill empty fields with 0?

Example:

name alert critical error warn notice info
t1                   2     1    1      0
t2                   1     1    0      0

Expectation:

name alert critical error warn notice info
t1   0     0         2     1    1      0
t2   0     0         1     1    0      0

Regards,
Christian

kristian_kolb · ‎04-28-2013

You should have a look at the fillnull command.

...| fillnull alert critical | ...

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Fillnull

Hope this helps,

Kristian

View solution in original post

kristian_kolb · ‎04-28-2013

You should have a look at the fillnull command.

...| fillnull alert critical | ...

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Fillnull

Hope this helps,

Kristian

Fulfill empty table entries

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Join the Conversation