isnotnull function returns true if the argument isn’t null. Use this function to filter for records with defined values, validate data presence, or distinguish between null and other values including empty strings.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.Splunk SPL users
Splunk SPL users
In Splunk SPL, you check for non-null values using
isnotnull() function. APL’s isnotnull works the same way.ANSI SQL users
ANSI SQL users
In ANSI SQL, you check for non-null values using
IS NOT NULL. APL’s isnotnull provides the same functionality with function syntax.Usage
Syntax
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| value | scalar | Yes | The value to check for non-null. |
Returns
Returnstrue if the value is not null, otherwise returns false. Note that empty strings return true because they are not null.
Use case examples
- Log analysis
- OpenTelemetry traces
- Security logs
Filter HTTP logs to only include requests where duration information is available for performance analysis.QueryRun in PlaygroundOutput
This query filters to only include requests with duration data, ensuring accurate performance metrics without skewing calculations with null values.
| status | avg_duration | max_duration | request_count |
|---|---|---|---|
| 500 | 987.5 | 5432 | 234 |
| 200 | 145.3 | 3421 | 8765 |
| 404 | 89.7 | 987 | 1234 |
List of related functions
- isnull: Returns true if a value is null. Use this for the inverse check of isnotnull.
- isnotempty: Checks if a value is not empty and not null. Use this when you need to ensure both conditions.
- coalesce: Returns the first non-null value from a list. Use this to provide default values for null fields.
- gettype: Returns the type of a value. Use this to distinguish between null and other types.