Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Question on no data in index "no results found"

jiaqya
Builder
‎02-22-2020 02:49 AM

I have 2 situations to address..
1. if no data in index for timeframe , create a blank row with "no data" and come out of query
2. if data found, then eval next steps , if result is 0 , then create a blank row with "0" as data.

can both of these be achieved in a single query.
basically search index for data, if data not found, create "nodata" row, exit,
else if data found, but no results on eval, then create "0" row ...

hope i am clear with my question.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-22-2020 05:06 AM

There is no concept of "come out of query" in SPL. All queries run to the end.

To add "no data" to your query, use appendpipe near the end.

... | appendpipe [ stats count | eval foo="no data" | where count = 0 | fields - count ]
---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-22-2020 05:06 AM

There is no concept of "come out of query" in SPL. All queries run to the end.

To add "no data" to your query, use appendpipe near the end.

... | appendpipe [ stats count | eval foo="no data" | where count = 0 | fields - count ]
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

jiaqya
Builder
‎02-22-2020 05:37 AM

i saw the append pipe fix , but was wondering if anybody knew any other trick to get this working..
this fix helps me get things going...

i wish , if then else statements worked with spl the same way they work in other languages..

thanks..

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎02-22-2020 09:59 AM

Go to https://ideas.splunk.com to submit a feature request.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...