Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Omit "NULL" and "OTHER" from area chart

srussellnpr
Explorer
‎08-13-2010 07:46 PM

How do I omit "NULL" and "OTHER" from the results of an area chart?

Reply
1 Solution
Solved! Jump to solution
Solution

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎08-13-2010 08:41 PM

Assuming that you defined the chart using the search language directly, say with timechart, then you should add usenull=f useother=f to the end of the search like eventtype="download" | timechart count by useragent usenull=f useother=f.

If you built the report using the report builder or a link from a field, from the "2: Format report" window, click back to "1: Define report content" then click on "Define data using search language" if it's not already selected, and add usenull=f useother=f to the end of the search string.

View solution in original post

Reply
Solved! Jump to solution
Solution

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎08-13-2010 08:41 PM

Assuming that you defined the chart using the search language directly, say with timechart, then you should add usenull=f useother=f to the end of the search like eventtype="download" | timechart count by useragent usenull=f useother=f.

If you built the report using the report builder or a link from a field, from the "2: Format report" window, click back to "1: Define report content" then click on "Define data using search language" if it's not already selected, and add usenull=f useother=f to the end of the search string.

Reply
Solved! Jump to solution

driptarup
Engager
‎09-10-2020 12:36 AM

Hello Stephen,

I am using the flags "usenull=f useother=f" in my timechart search, but no logs are coming still, are there any limits being responsible for it?

Reply
Solved! Jump to solution

slgizmo
Explorer
‎01-30-2017 10:23 AM

Stephen,

I realize this is about seven years late but I wanted to thank you for this tidbit of information. Our reports just became more readable with not having to explain what "OTHER" is.

Gizmo

Reply
Solved! Jump to solution

imanpoeiri
Communicator
‎07-20-2015 04:33 AM

You've just received cookies!

0 Karma
Reply
Solved! Jump to solution

infinitiguy
Path Finder
‎02-15-2012 12:18 PM

exactly what I was looking for!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...