Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Search for null values across multiple fields

paulyreid
New Member
‎08-16-2012 03:36 AM

Hi

I have a CSV input file that has some null values. I'm using fillnull value=NULL to make these appear in the search results.

I'm able to search if a specified field is null, for example search x=null | stats count by x.

What I'd ideally like to do is return the name of any field that has a null value. Ideally something like search *=null | stats dc(*) as *. Then I can use transpose to get the list of those field names to display as table in a dashboard.

Cheers

Tags (3)
0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎08-16-2012 10:47 AM

The problem is going to be that coming out of an AutoHeader or CHECK_FOR_HEADER csv input, there's no difference between a defined field that is null-valued, and a completely random field like "chickenfeet" that is entirely undefined.

There are some confusing things around fields that have empty values, but in my experience this only happens when you're doing certain things in the search language down in the later pipes.

Someone else might have a better suggestion but I think you'll have to have to do it explicitly with a big set of fullnulls, and a lot of | where isnull(A) OR isnull(B) OR ...

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...