Is null (isnull)
- Juan Tomás Alonso Nieto (Deactivated)
- Sarah Bigault (Deactivated)
Description
You can apply this operation either as a Filter or Create field operation:
Filter | Filters null values in a given field. |
|---|---|
Create field | Creates a Boolean field that shows true if a given value is null. |
How does it work in the search window?
Select Filter / Create field in the search window toolbar, then select the Is null operation. You need to specify one argument:
Argument | Data type |
|---|---|
Value mandatory | Any |
If you use the Create field operation, the data type of the values in the new field is boolean (true or false).
Example
In the siem.logtrust.web.activity table, we want to get only the events where the value in the city field is null. To do it, we will apply a Filter using the Is null operation.
The arguments needed for the filter are:
Value - city field
Click Filter data and you will see the following result:
Click Create field.
Follow the same steps to add a new Boolean field that shows true when the values in the city field are null.
How does it work in LINQ?
Use the operator where... to apply the Filter operation and select... as... to apply the Create field operation. This is the syntax for the Is null operation:
isnull(field)
Examples
You can copy the following LINQ script and try the above example on the siem.logtrust.web.activity table:
from siem.logtrust.web.activity
where isnull(city)And this is the same example using the Create field operation:
from siem.logtrust.web.activity
select isnull(city) as city_nullÂ