The isnotempty function returns true if the argument isn’t an empty string and isn’t null. Use this function to filter for records with valid, non-empty values, ensure data quality, or validate that required fields contain actual content.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

In Splunk SPL, you check for non-empty values using conditions like field!="" and isnotnull(field). APL's isnotempty combines both checks.

```sql Splunk example | where field!="" AND isnotnull(field) ```
['sample-http-logs']
| where isnotempty(field)

In ANSI SQL, you check for non-empty and non-null values using separate conditions. APL's isnotempty provides a more concise approach.

```sql SQL example SELECT * FROM logs WHERE field IS NOT NULL AND field <> ''; ```
['sample-http-logs']
| where isnotempty(field)

Usage

Syntax

isnotempty(value)

Parameters

Name Type Required Description
value scalar Yes The value to check for non-emptiness and non-null.

Returns

Returns true if the value is not an empty string and not null, otherwise returns false.

Use case examples

Filter HTTP logs to only include requests with valid geographic information for accurate location-based analytics.

Query

['sample-http-logs']
| where isnotempty(['geo.city']) and isnotempty(['geo.country'])
| summarize request_count = count() by ['geo.city'], ['geo.country']
| sort by request_count desc
| limit 10

Run in Playground

Output

geo.city geo.country request_count
New York United States 2341
London United Kingdom 1987
Tokyo Japan 1654
Paris France 1432

This query filters requests to only include those with complete geographic information, ensuring accurate location-based analysis without null or empty values.

Analyze only traces with complete service information to ensure accurate service performance metrics.

Query

['otel-demo-traces']
| where isnotempty(['service.name']) and isnotempty(kind)
| summarize avg_duration = avg(duration), span_count = count() by ['service.name'], kind
| sort by span_count desc
| limit 10

Run in Playground

Output

service.name kind avg_duration span_count
frontend server 125ms 4532
checkout client 89ms 3421
cart internal 56ms 2987

This query filters traces to only include spans with complete service and kind information, ensuring reliable performance analysis without incomplete data.

Identify authenticated users by filtering out requests without valid user identifiers.

Query

['sample-http-logs']
| extend authenticated = isnotempty(id)
| summarize total_attempts = count(), authenticated_attempts = countif(authenticated) by status
| extend authenticated_percentage = round(100.0 * authenticated_attempts / total_attempts, 2)
| sort by total_attempts desc

Run in Playground

Output

status total_attempts authenticated_attempts authenticated_percentage
401 1234 889 72.04
403 987 864 87.53

This query distinguishes between authenticated and anonymous failed access attempts by checking if user IDs are present, helping security teams understand attack patterns.

  • isempty: Returns true if a value is empty or null. Use this for the inverse check of isnotempty.
  • isnotnull: Checks only if a value is not null. Use this when you specifically need to test for null without checking for empty strings.
  • strlen: Returns the length of a string. Use this when you need to ensure strings have minimum content length beyond just being non-empty.
  • coalesce: Returns the first non-null or non-empty value. Use this to select from multiple fields or provide defaults.

Good morning

I'm here to help you with the docs.

I
AIBased on your context