thank you for the reference @jkat54. I tried adding fillnull with different options but it did not resolve my issue.

 | pivot servicestrafficcaapimodel servicesapiqads count(servicesapiqads) AS count SPLITROW _time AS _time PERIOD day SPLITROW service AS service SPLITROW operation AS operation SPLITROW method AS method SPLITROW principal AS principal SPLITROW systemid AS systemid TOP 100 count(servicesapiqads) ROWSUMMARY 0 COLSUMMARY 0 SHOWOTHER 1 | SORT -_time |  fillnull value=NULL

How about an eval on the datamodels definition instead..

 | eval field=if(isnull(field),"NULL",field)

Thank you for your answer. I tried to add it in my data model and it works fine. But I couldn't save it there. So this is not reflecting in the report.

my data model

| from datamodel:"servicestrafficcaapimodel.servicesapiqads" | eval systemid=if(isnull(systemid),"NULL",systemid)

I don't have an option to save it. How do I reflect it in the report?

Thank you again

Why can't you save the edits to your data model?

You go to datasets, open the dataset/datamodels, click edit (or manage then edit), click add field, select eval expression from add field drop down, and you add the expression save and rebuild any summaries/access you have.

I am trying the exact same thing. I put "systemid=if(isnull(systemid),"NULL",systemid)" in eval expression bar and I get the below error while previewing. Name of the field is systemid.

"Error in 'eval' command: Fields cannot be assigned a boolean result. Instead, try if([bool expr], [expr], [expr])."

Maybe it doesn't like "NULL"? Never seen that before.

In the constraints for this data model, I just have the index. SO every event from this index should be in the report.

The issue is the logs that have a missing field determined in the report query is not getting pickedup.