×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
kingso_paypal
Explorer
Member since: ‎07-28-2022
‎08-03-2022
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-28-2022
View All

Re: How to search by a field which may have null v...

by in Splunk Search
‎07-31-2022 09:14 PM
‎07-31-2022 09:14 PM
It returns 0 events. This happens when I add a column which has no value at all unless I "fillnull" it, but I did it on max_amount field... ... View more

Re: How to search by a field which may have null v...

by in Splunk Search
‎07-29-2022 02:59 AM
‎07-29-2022 02:59 AM
Both cases are true to me. But when I tried, both return 0 records to me. Why? ... View more

How to search by a field which may have null value...

by in Splunk Search
‎07-28-2022 09:31 PM
‎07-28-2022 09:31 PM
Below is the log events that I have. One has max_amount value and one has empty value. I want to find out the events that have transaction_amount > max_amount.      [Date=2022-07-29, max_amount=100, transaction_amount=120] [Date=2022-07-29, max_amount=100, transaction_amount=90] [Date=2022-07-29, transaction_amount=120]     I tried transaction_amount>max_amount but not working. I guess it is due to some records having no max_amount value.     index=<table_name> transaction_amount>max_amount | bucket Date span=day | fillnull value=null max_amount | stats count by Date, max_amount, transaction_amount      How to get the record #1? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-03-2022 05:42 AM
Karma given to
View All