Synopsis

A function that marks non-matched events as 0 instead of  'No Results Were Found'. Mostly recommended for monitor usage which you would like to be alerted in case of none matched events to your query.

Syntax

^{set emptylogs}

Required Arguments

count aggregation before the function

Optional Arguments

None

Description

When used following the initial simple search query, returns the number of events resulting from the search. When used iteratively, counts the number of results returned from the complex search preceding the pipe. In case of no matched events - returns 0.

Examples

Example 1: 

  ^{ResponseStatus >= 400 in log.access | count | set emptylogs}

 Returns the number of events in log access which their Response Status value is greater than 400, 0 if no events at all.