Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

what is the difference between 'usenull' and 'fillnull' command in splunk?

aarthirajaraman
Engager
‎02-27-2017 10:35 PM

I want to know what is the difference between usenull and fillnull command in the splunk? can anyone help me with it to get a clear idea about it?

Reply

cmerriman
Super Champion
‎02-28-2017 05:41 AM

fillnull fills all the null values in the results of a specific field/fields/all fields with a value (defaulted as 0)
https://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Fillnull

|fillnull FIELD value="N/A"

usenull is used in charting commands like timechart or chart for when you want a series created for events that don't have the split-by field.
http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Chart

|chart count by FIELD usenull=t nullstr="N/A"
Reply

youngsuh
Contributor
‎10-25-2020 09:18 AM

"sourcetype=access_* status=200 action=purchase | chart dc(clientip) OVER date_hour BY categoryId usenull=f

This search takes the purchase events and pipes it into the chart command. The dc() or distinct_count() function is used to count the number of unique visitors (characterized by the clientip field). This number is then charted over each hour of the day and broken out based on the category_id of the purchase. Also, because these are numeric values, the search uses the usenull=f argument to exclude fields that don't have a value."

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...