Friday, July 5, 2024

Sumologic isnotnull



This week I encountered an issue with the isnotnull() function in Sumo Logic. It's possible there was a misunderstanding or a mistake in the usage or context of the function. Sumo Logic uses different syntax or methods to filter or check for null or existing fields.

To filter logs that have a specific field, such as ensuring logs contain a message field, you typically use a query that implicitly checks for the presence of the field rather than calling an isnotnull() function directly.

Here's how you might adjust the query so that it only works with logs that contain a message field:

_sourceCategory=yourSourceCategory
| json "message" as Message
| where !isNull(Message)

If you receive an error about isnotnull() or any other function not existing, it might be due to a typo, case sensitivity, or Sumo Logic not supporting the function as described.

The correct function to use in Sumo Logic for checking if a field is not null is !isNull().
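
Before relying on that filter in a search or alert, it helps to know how many logs it silently excludes. The query below is an added example, not part of the original post: it uses the nodrop option of the json operator so logs without the key stay in the results, and isBlank() (true for null, empty, or whitespace-only values) to label them. The message_state field name is a made-up label, and yourSourceCategory is the same placeholder as above.

```sumologic
// Added example: measure how many logs lack a usable "message" field.
_sourceCategory=yourSourceCategory
// nodrop keeps logs where the "message" key is not found,
// instead of dropping them at the json step
| json "message" as Message nodrop
// isBlank() covers null, empty-string and whitespace-only values
| if(isBlank(Message), "missing_or_blank", "present") as message_state
| count by message_state
```

A large missing_or_blank count means the !isNull() filter is discarding a significant share of the source, which matters if an alert or detection is built on top of it.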
