Is empty (isempty)
- Juan Tomás Alonso Nieto (Deactivated)
- Former user (Deleted)
- Former user (Deleted)
Description
You can apply this operation either as a Filter or Create field operation:
Filter | Checks if a given string is empty. |
|---|---|
Create field | Creates a Boolean column that shows true when a given string is empty. |
How does it work in the search window?
Select Filter / Create field in the search window toolbar, then select the Is empty operation. This operation requires only one argument:
Argument | Data type |
|---|---|
String to be checked mandatory | string |
If you use the Create field operation, the data type of the values in the new field is boolean (true or false).
Null fields will show as null.
Example
In the siem.logtrust.web.activity table, we want to create a new field to check if there are any empty values in the domain field strings.
Choose the Is empty operation from the list and select the string to be checked, which in this case is domain. You cannot add more than one argument. Once ready, click Create field.
As shown below, there are no empty values so the newly created column only shows false.
How does it work in LINQ?
Use the operator where... to apply the Filter operation and select... as... to apply the Create column operation. These are the valid formats of the Is empty operation:
isempty(string)
Examples
You can copy the following LINQ script and try the above example on the siem.logtrust.web.activity table:
from siem.logtrust.web.activit
where isempty(domain)And this is the same example using the Create column operation:
from siem.logtrust.web.activity
select isempty(domain) as column1