Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Return 0 when there is no data.

justeso1
Loves-to-Learn Everything
‎10-07-2020 08:17 AM

I have this search thar returns the data from the last 10 days.

index="raw_eg8" earliest=-10d@d latest=now()
| search "evento.ORIGEM_EVENTO" = "FileService" | search "evento.STATUS" = "PROCESSADO" | search "evento.SIGLA"="CB4" | spath "evento.SIGLA"| bucket _time span=1d
| eval DayOfWeekC=strftime(_time, "%a")
| eval DayOfWeekN=strftime(_time, "%m-%d-%Y")
| table "evento.SIGLA", DayOfWeekC, DayOfWeekN, | stats count by "evento.SIGLA" , DayOfWeekN | eventstats sum(count) AS Total by "evento.SIGLA" | eval avg= Total/count| sort DayOfWeekN desc 

And then i got this results. But, as you can see, in 10-05-2020 there is no data. 

How can I return count = 0 when there is no data? 

Like 

 

evento.SIGLA DayOfWeekN count Total avg

CB410-05-2020088

 

justeso1_0-1602083442632.png

 

Labels (2)
Labels
Tags (1)
0 Karma
Reply

ashajambagi
Communicator
‎10-08-2020 10:38 AM

Hi @justeso1 ,

Try using  | fillnull

https://docs.splunk.com/Documentation/Splunk/8.0.6/SearchReference/Fillnull

 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...