×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
thrtnastrx
Observer
Member since: ‎11-25-2024
‎11-25-2024
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-25-2024
Activity Feed
Topics I've Started
View All

Re: Top with optional field results

by SplunkTrust in Splunk Search
‎11-25-2024 06:20 PM
‎11-25-2024 06:20 PM
You did mention that field2 doesn't exist and that is exactly what fillnull will do. It will create a field in an event where there is no field for that event and it gives it the value you specify. So when you say it didn't work, can you elaborate - what didn't work. field2 WILL be created if it does not exist in a log source where there is no field2 value, so top field1 field2 field3 field4 will not ignore results where field2 does not exist, because after fillnull, it will ALWAYS exist. Perhaps you can show examples of the data and your SPL ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-25-2024 04:41 PM