Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to get latest parameter from csv disregarding empty values

mishaaaaaaaaaa
Explorer
‎02-21-2019 06:00 AM

Hi splunk comunity!

I have dashboard with text input, which starts to execute when i change my parameter in text box, in query i write this parameter to my csv file.
In another dashboard i'm trying to read latest value of this parameter, but if i post an empty field in my first dashboard i get an empty result in my second.
So the question is how to check an empty value like method isEmpty() in java or how to ban empty fields passing to csv file in first dashboard?
Or how can i display last not empty value?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
Legend
‎02-21-2019 06:09 AM

@mishaaaaaaaaaa ,

Either use | where isnotnull(field) while reading or check with isnotnull(field) or isnull(field) before writing,

Reference : https://docs.splunk.com/Documentation/Splunk/7.2.4/SearchReference/InformationalFunctions

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

Reply
Solved! Jump to solution
Solution

renjith_nair
Legend
‎02-21-2019 06:09 AM

@mishaaaaaaaaaa ,

Either use | where isnotnull(field) while reading or check with isnotnull(field) or isnull(field) before writing,

Reference : https://docs.splunk.com/Documentation/Splunk/7.2.4/SearchReference/InformationalFunctions

---
What goes around comes around. If it helps, hit it with Karma 🙂
Reply
Solved! Jump to solution

mishaaaaaaaaaa
Explorer
‎02-21-2019 06:22 AM

@renjith.nair This doesn't work, i've already tryed something like this, but i still get an emty field in my second dushboard

| makeresults
| eval param="$firstParam$"
| eval parameter=if(isnull(param), 50, param)
| outputcsv append=true mishasTestParametrization.csv
| table parameter

| inputcsv mishasTestParametrization.csv
| stats latest(parameter) as latestParam

0 Karma
Reply
Solved! Jump to solution

renjith_nair
Legend
‎02-21-2019 07:03 AM

in that case, it might not be null() but just an empty space , try adding this

if(isnull(param) OR param=="", 50, param)

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Solved! Jump to solution

mishaaaaaaaaaa
Explorer
‎02-21-2019 10:27 PM

@renjith.nair yes this works, but i understud that this is not what i want. I need to write to csv if my param is not empty and don't write if it's empty

0 Karma
Reply
Solved! Jump to solution

renjith_nair
Legend
‎02-22-2019 06:10 AM

@mishaaaaaaaaaa ,
Same can be used in the outputlookup as well. Taking your example

| makeresults
| eval param="$firstParam$"
| where param!="" AND isnotnull(param)
| outputcsv append=true mishasTestParametrization.csv
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Solved! Jump to solution

mishaaaaaaaaaa
Explorer
‎02-24-2019 10:19 PM

thanks a lot, that works perfect!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...