Filter Out Fields With No Value

Filter out fields with no values from search results using groupBy() with sort()

Query

logscale
method=GET
| groupBy(field=[method, statuscode], function=count(as=method_total))
| sort([method, statuscode], order=asc)
| FieldName!=""

Introduction

It is possible to filter out fields with no values from a returned search result. In this example, all statuscode fields containing no value are filtered out of the final search result.

Example incoming data might look like this:

method  statuscode  method_total
GET     <no value>  10
GET     200         32492
GET     301         1
GET     304         113
GET     403         9
GET     404         132

Step-by-Step

  1. Starting with the source repository events.

  2. logscale
    method=GET

    Filters for all events with methods of the type GET.

  3. logscale
    groupBy(field=[method, statuscode], function=count(as=method_total))

    Groups the returned results by the method and statuscode fields and counts the events in each group in a new field named method_total.

  4. logscale
    sort([method, statuscode], order=asc)

    Sorts the returned results in ascending order.

  5. logscale
    FieldName!=""

    Excludes all events where one of the fields does not contain a value.

  6. Event Result set.

Summary and Results

The query is used to filter out fields not containing any values from the returned search result.

Sample output from the incoming example data:

method  statuscode  method_total
GET     200         32492
GET     301         1
GET     304         113
GET     403         9
GET     404         132