Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

query when the field might not exist

afrancoi
Engager
‎12-02-2011 08:06 AM

I have two types of entries in my log

02DEC2011_16:02:18.065 22480138:5912 INFO ../src/s_ccls_storagemanager.cpp:7878 GRAIN Id=CCLS:5478193982531698702:4c067463037c0059 ReqType=GETAKBLOBS Uuid=7901790 sid=5681561375462916618

02DEC2011_16:01:44.962 20185372:4113 INFO ../src/s_ccls_storagemanager.cpp:7958 GRAIN Id=CCLS:5478192230185041938:4c0672c7037c0018 ReqType=GETAKBLOBS Uuid=2296490 hier_id=1 hier_name='GICS' mnemonic=GICS name='.GICS Sectors' sid=5681561740561350815

and I would like to do a query where I see the stats for count by mnemonic but also include the log entries without a mnemonic.

Tags (3)
Reply

rossikwan
Path Finder
‎07-31-2013 01:18 AM

Ref:
http://docs.splunk.com/Documentation/Splunk/5.0.3/SearchReference/Fillnull

0 Karma
Reply

Ayn
Legend
‎12-02-2011 08:22 AM

Create a value for mnemonic in the case where it doesn't exist in the event:

... | fillnull value="N/A" mnemonic | stats count by mnemonic
Reply

Ayn
Legend
‎12-02-2011 08:27 AM

Glad it helped! Could you please mark my answer as accepted? Thanks!

0 Karma
Reply

afrancoi
Engager
‎12-02-2011 08:24 AM

Awesome! Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...