Solved: can i insert a default value for results

rakesh_498115 · ‎06-14-2012

Hi,

i have created 5 eventtypes say A,B,C,D and used the chart command to display the count of all the events in the evenntypes on the particular searchlogic..For few searchlogic few eventtypes didnt contain any events..in that case nothing is displaying..I need to display "N/A" to that field instead of displaying blank.

How can i do this..

My search query is something like this ..

sourcetype="X" (somelogic) | chart sum(count) by uniqueId,eventtype

My output is .

UniqueID    A B C D E 
ddd         4    5 5 7
sss            5 4 7 8

I need the output like this.

UniqueID    A     B      C D E 
ddd         4     N/A    5 5 7
sss         N/A   5      4 7 8

Thanx

Ayn · ‎06-14-2012

Use fillnull to give the fields without a value a predefined value of your own:

... | fillnull value="N/A"

More information on the fillnull command: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Fillnull

View solution in original post

Ayn · ‎06-14-2012

Use fillnull to give the fields without a value a predefined value of your own:

... | fillnull value="N/A"

More information on the fillnull command: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Fillnull

can i insert a default value for results

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms