Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

field value appears to be null

wtaylor149
Explorer
‎01-13-2021 02:02 PM

I'm running a search (below) that has results that sometimes in certain fields will display in the gui as empty (null) but aren't.  We I export the results I see "" as the value in the field.  I've tried several things to populate this field with data so I can search on it but I've had no luck.  Any thoughts / guidance is greatly appreciated.

search string:

| rest /servicesNS/-/-/saved/searches | where disabled=0 AND splunk_server="some_server"

| fillnull value=na next_scheduled_time

 

When I export the results and open in notepad, results are below:

title,"cron_schedule","dispatch.earliest_time","dispatch.latest_time","alert.expires","next_scheduled_time",action

"Access - Distinct Sources","","-48h@h",now,24h,"",
"Access - Distinct Users","","-48h@h",now,24h,"",

0 Karma
Reply

wtaylor149
Explorer
‎01-13-2021 02:27 PM

This may be kind of crazy but it works:

| rest /servicesNS/-/-/saved/searches | where disabled=0 AND splunk_server="my_splunk_server"
| eval n=strptime(next_scheduled_time, "%Y-%m-%d %H:%M:%S %Z")
| eval y=if(isnum(n), "yes", "no")
| search y="yes"
| table next_scheduled_time n y

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...