Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Use fillnull to fill in different values within sa...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rfranco83
New Member
02-06-2020
10:12 AM
Hi All,
I am trying to use the fillnull to populate empty values within the same field with unique values. For example, the first empty value found in field1, insert unknown1. The second empty value found in field1, insert unknown2, etc...
Any suggestions?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
nickhills
Ultra Champion
02-06-2020
11:45 AM
Assuming all the events have a null, or you just need them to be unique (not sequential) try this:
|streamstats count as ct|eval yourNullField=if(isnull(yourNullField),"Unknown "+ct,yourNullField)
If my comment helps, please give it a thumbs up!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
nickhills
Ultra Champion
02-06-2020
11:45 AM
Assuming all the events have a null, or you just need them to be unique (not sequential) try this:
|streamstats count as ct|eval yourNullField=if(isnull(yourNullField),"Unknown "+ct,yourNullField)
If my comment helps, please give it a thumbs up!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rfranco83
New Member
02-06-2020
01:44 PM
Thank you for your reply.
What that did was fill in the empty values all the same with "Unknown" and "# of events" for a particular field. Example: Within MyField1 all empty values show "Unknown 500". What I am trying to do is increment the value so all the empty values in MyField1 are unique.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
nickhills
Ultra Champion
02-06-2020
01:49 PM
sorry - use streamstats, not event stats.
edited answer
If my comment helps, please give it a thumbs up!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rfranco83
New Member
02-06-2020
03:16 PM
That works, thank you!! I appreciate the quick response.
Get Updates on the Splunk Community!
Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...
This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...
Elevate Your Organization with Splunk’s Next Platform Evolution
Thursday, July 10, 2025 | 11AM PDT / 2PM EDT
Whether you're managing complex deployments or looking to ...
Splunk Answers Content Calendar, June Edition
Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
