Is empty (isempty)
Description
You can apply this operation either as a Filter or Create column operation:
Filter | Checks if a given string is empty. |
---|---|
Create column | Creates a Boolean column that shows true when a given string is empty. |
How does it work in the search window?
Select Filter / Create column in the search window toolbar, then select the Is empty operation. This operation requires only one argument:
Argument | Data type |
---|---|
String to be checked mandatory | string |
If you use the Create column operation, the data type of the values in the new column is boolean (true or false).
Null fields will show as null.
Example
In the siem.logtrust.web.activity
table, we want to create a new column to check if there are any empty values in the domain column strings.
Choose the Is empty operation from the list and select the string to be checked, which in this case is domain. You cannot add more than one argument. Once ready, click Create column.
As shown below, there are no empty values so the newly created column only shows false.
Using another table, we perform the same steps as above except this time we want to run the Is empty operation on the column named message.
Here we see that an empty value is shown as true.
How does it work in LINQ?
Use the operator where
... to apply the Filter operation and select
... as
... to apply the Create column operation. These are the valid formats of the Is empty operation:
isempty(string)
Examples
You can copy the following LINQ script and try the above example on the siem.logtrust.web.activity
table:
from siem.logtrust.web.activity
where isempty(domain)
And this is the same example using the Create column operation:
from siem.logtrust.web.activity
select isempty(domain) as column1