英文:
How to remove empty rows from Splunk table?
问题
在我的查询响应中,有时我得不到数据,只会添加一个空行。我想删除空行,是因为我的正则表达式没有找到任何记录。
index=stg host="stg-host1" " Number of data processed for day is"
| rex "(?<Records>[^\s]+) from file"
| timechart max(Records) as TotalRecords
span=45min
预期结果:删除所有空行。只有在TotalRecords具有某个值时才应可用。
当前表格:
英文:
In my query response, few time I don't get data and it's just adding row empty row.
I like to remove empty row it's my regex not found any records.
index=stg host="stg-host1" " Number of data processed for day is"
| rex "(?<Records>[^\s]+) from file"
| timechart max(Records) as TotalRecords
span=45min
Expected: Remove all empty rows. Row should only available if TotalRecords has some value.
Current Table:
答案1
得分: 2
你可以使用以下命令来移除包含特定字段为空值的结果,例如TotalRecords字段:
| where isnotnull(TotalRecords)
英文:
You can use the following command to remove results that contain a specific field with a null value, in this case TotalRecords:
| where isnotnull(TotalRecords)
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论