Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

If one field null, populate another field with 0

cooperjaram
Engager
‎03-03-2020 09:40 AM

Hello Splunkers,

I have two fields that correlate. One field is hostname and another field is score. When I try to get an average of the score I get a incorrect value due to it calculating the score field even though the hostname is null and not representing anything. Is there a way to use if(isnull) or any other eval command so if hostname is null, it gives the other field the value of 0?

Thanks,

Cooper

0 Karma
Reply

to4kawa
Ultra Champion
‎03-03-2020 01:12 PM 
your search
|stats avg(eval(if(isnull(hostname), null(), score))) as score_avg
0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎03-03-2020 10:02 AM

Without seeing your results, it would look something like this 

| eval hostname=if(isnull(score),0,'hostname')
0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...