Solved: want 0 count if keyword does not match

abhayneilam · ‎10-29-2012

index="usb_weekly_data" |rex field="src_file_name" (?(?i)"presentation") | stats count as First by key_word

above query returns me :

presentation 47

but if I change the keyword to "halla" then it is not matching in the "src_field_name" field, then it should give me 0 as an output like :

halla 0

Please help me to get this type of 0 output for non-matching keywords !!

Please help me this time, I have been searching for the solution , but didnt get yet !!

Your help would be highly appreciated !!

Thanks in Advance

sdaniels · ‎10-29-2012

This previous answer may help so that you can represent no results found as a 0:

http://splunk-base.splunk.com/answers/59589/no-results-found-to-be-represented-as-null-or-0

View solution in original post

sdaniels · ‎10-29-2012

This previous answer may help so that you can represent no results found as a 0:

http://splunk-base.splunk.com/answers/59589/no-results-found-to-be-represented-as-null-or-0

abhayneilam · ‎10-29-2012

Many Many thanks sdaniels for this , this really helped me a lot, I appreciate your help for this and hope to get same assistance in future also. Once again very very thanks 🙂

want 0 count if keyword does not match

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation