Splunk Search
Highlighted

How do I search for the first occurrence of a field that is not null or empty?

Explorer

I have a field "Company Name" that is empty on some events, but has a value on others. How do I search for the first occurrence of that field that is not null or empty?

sourcetype=[my source] [filter field] = 322799761 
| table customer.companyName
0 Karma
Highlighted

Re: How do I search for the first occurrence of a field that is not null or empty?

Legend

Try this

sourcetype=[my source] [filter field] = 322799761 customer.companyName=* | table customer.companyName | head 1

View solution in original post

0 Karma