Solved: URGENT REQUEST: how to pull specific values from g...

iqbalintouch · ‎10-21-2019

sourcetype=abc "responseStatus=500" "abc.xyz.logging.yyyy.zzzzz" "cccccccccccccc88888883333hhhh" | rex field=_raw "\"customerBilledAmount\" : (?.?)," | rex field=_raw "\"resultID\" : (?.?)," | rex field=_raw "\"customerID\" : (?.*?)," | dedup resultID | table userrBilledAmount resultID customerID

Now I need to achieve
- exclude all null
- add up all userBilledAmount
- exclude all null from userBilledAmount only

493669 · ‎10-21-2019

Hi @iqbalintouch, try below-

...|where isnotnull(userrBilledAmount)

This will remove null value field.
then you can use stats to add them like |stats sum(userrBilledAmount) as TotalAmount by customerID

View solution in original post

iqbalintouch · ‎10-21-2019

if I need to pull the data where userBilledAmount !=0.0 ??

how to achieve..your query has given near to desired output..

493669 · ‎10-21-2019

Hi @iqbalintouch, try below-

...|where isnotnull(userrBilledAmount)

This will remove null value field.
then you can use stats to add them like |stats sum(userrBilledAmount) as TotalAmount by customerID

URGENT REQUEST: how to pull specific values from given query?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Join the Conversation