Skip to main content
The isnotempty function returns true if the argument isn’t an empty string and isn’t null. Use this function to filter for records with valid, non-empty values, ensure data quality, or validate that required fields contain actual content.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, you check for non-empty values using conditions like field!="" and isnotnull(field). APL’s isnotempty combines both checks.
| where field!="" AND isnotnull(field)
In ANSI SQL, you check for non-empty and non-null values using separate conditions. APL’s isnotempty provides a more concise approach.
SELECT * FROM logs WHERE field IS NOT NULL AND field <> '';

Usage

Syntax

isnotempty(value)

Parameters

NameTypeRequiredDescription
valuescalarYesThe value to check for non-emptiness and non-null.

Returns

Returns true if the value is not an empty string and not null, otherwise returns false.

Use case examples

  • Log analysis
  • OpenTelemetry traces
  • Security logs
Filter HTTP logs to only include requests with valid geographic information for accurate location-based analytics.Query
['sample-http-logs']
| where isnotempty(['geo.city']) and isnotempty(['geo.country'])
| summarize request_count = count() by ['geo.city'], ['geo.country']
| sort by request_count desc
| limit 10
Run in PlaygroundOutput
geo.citygeo.countryrequest_count
New YorkUnited States2341
LondonUnited Kingdom1987
TokyoJapan1654
ParisFrance1432
This query filters requests to only include those with complete geographic information, ensuring accurate location-based analysis without null or empty values.
  • isempty: Returns true if a value is empty or null. Use this for the inverse check of isnotempty.
  • isnotnull: Checks only if a value is not null. Use this when you specifically need to test for null without checking for empty strings.
  • strlen: Returns the length of a string. Use this when you need to ensure strings have minimum content length beyond just being non-empty.
  • coalesce: Returns the first non-null or non-empty value. Use this to select from multiple fields or provide defaults.