Solved: URGENT REQUEST: how to pull specific values from g...

iqbalintouch · ‎10-21-2019

sourcetype=abc "responseStatus=500" "abc.xyz.logging.yyyy.zzzzz" "cccccccccccccc88888883333hhhh" | rex field=_raw "\"customerBilledAmount\" : (?.?)," | rex field=_raw "\"resultID\" : (?.?)," | rex field=_raw "\"customerID\" : (?.*?)," | dedup resultID | table userrBilledAmount resultID customerID

Now I need to achieve
- exclude all null
- add up all userBilledAmount
- exclude all null from userBilledAmount only

493669 · ‎10-21-2019

Hi @iqbalintouch, try below-

...|where isnotnull(userrBilledAmount)

This will remove null value field.
then you can use stats to add them like |stats sum(userrBilledAmount) as TotalAmount by customerID

View solution in original post

iqbalintouch · ‎10-21-2019

if I need to pull the data where userBilledAmount !=0.0 ??

how to achieve..your query has given near to desired output..

493669 · ‎10-21-2019

Hi @iqbalintouch, try below-

...|where isnotnull(userrBilledAmount)

This will remove null value field.
then you can use stats to add them like |stats sum(userrBilledAmount) as TotalAmount by customerID

URGENT REQUEST: how to pull specific values from given query?

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!