Is not null (isnotnull)
- Juan Tomás Alonso Nieto (Deactivated)
- Former user (Deleted)
Description
You can apply this operation either as a Filter or Create column operation:
Filter | Filters non-null values in a given column. |
|---|---|
Create column | Creates a Boolean column that shows true if a given value is not null. |
How does it work in the search window?
Select Filter / Create column in the search window toolbar, then select the Is not null operation. You need to specify one argument:
Argument | Data type |
|---|---|
Value mandatory | Any |
If you use the Create column operation, the data type of the values in the new column is boolean (true or false).
Example
In the siem.logtrust.web.activity table, we want to get only the events where the value in the URL column is not null. To do it, we will apply a Filter using the Is not null operation.
The arguments needed for the filter are:
Value - URL column
Click Filter data and you will see the following result:
Click Create column and follow the same steps to add a new Boolean column that shows true when the values in the URL column are not null.
How does it work in LINQ?
Use the operator where... to apply the Filter operation and select... as... to apply the Create column operation. This is the syntax for the Is not null operation:
isnotnull(field)
Examples
You can copy the following LINQ script and try the above example on the siem.logtrust.web.activity table:
from siem.logtrust.web.activity
where isnotnull(URL)And this is the same example using the Create column operation:
from demo.ecommerce.data
select isnotnull(clientIpAddress) as ip_not_null