Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

return events with null values in an eval function

edookati
Path Finder
‎12-11-2014 10:55 AM

I am using the below query, but few events in the logs don't have service_name values. They only have operation_name. I need to include these events in the results with only the operation name. Please help me.

index=jms_logs sourcetype=perflogs | eval service_operation = service_name.".".operation_name | table service_operation | dedup service_operation | sort service_operation

thanks.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎12-11-2014 11:00 AM

Try this

index=jms_logs sourcetype=perflogs | eval service_operation = coalesce(service_name.".","").operation_name | stats count by service_operation | table sort service_operation

The stats will automatically remove duplicates and sort.

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎12-11-2014 11:00 AM

Try this

index=jms_logs sourcetype=perflogs | eval service_operation = coalesce(service_name.".","").operation_name | stats count by service_operation | table sort service_operation

The stats will automatically remove duplicates and sort.

View solution in original post

Reply
Solved! Jump to solution

edookati
Path Finder
‎12-11-2014 12:49 PM

thanks. it worked

0 Karma
Reply
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Get Updates on the Splunk Community!