isnull function evaluates its argument and returns true if the argument is null. Use this function to identify missing data, filter out incomplete records, or validate that optional fields are absent.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.Splunk SPL users
Splunk SPL users
In Splunk SPL, you check for null values using
isnull() function. APL’s isnull works the same way.ANSI SQL users
ANSI SQL users
In ANSI SQL, you check for null values using
IS NULL. APL’s isnull provides the same functionality with function syntax.Usage
Syntax
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| value | scalar | Yes | The value to check for null. |
Returns
Returnstrue if the value is null, otherwise returns false. Note that empty strings return false because they are not null.
Use case examples
- Log analysis
- OpenTelemetry traces
- Security logs
Identify HTTP requests with missing duration information to assess data quality and completeness.QueryRun in PlaygroundOutput
This query identifies the percentage of requests missing duration data by status code, helping assess logging infrastructure reliability and identify potential issues.
| status | total_requests | missing_duration_count | missing_percentage |
|---|---|---|---|
| 500 | 1234 | 123 | 9.97 |
| 200 | 8765 | 87 | 0.99 |
| 404 | 2341 | 23 | 0.98 |
List of related functions
- isnotnull: Returns true if a value is not null. Use this for the inverse check of isnull.
- isempty: Checks if a value is empty or null. Use this when you need to check for both null and empty strings.
- coalesce: Returns the first non-null value from a list. Use this to provide default values for null fields.
- gettype: Returns the type of a value. Use this to distinguish between null and other types.