Abstract
Learn how to filter for empty values in the results table in Cortex Query Language.
When building a query you can filter for empty values in the results table, which can include or exclude null or empty strings. In the query syntax, empty strings are represented as ""
, while null fields are represented as null
.
Example
Below is an example of filtering your endpoint data in the results table to exclude all null values and any empty strings for a user.
config timeframe = 90d | dataset = endpoints | filter endpoint_status in (CONNECTED, DISCONNECTED) | filter user != null and user != "" | fields user, group_names, endpoint_name