A log message can have empty parts for example empty program or SDATA field.
This guide shows how to search for log messages with empty program field, but the same method can be used on any indexed message part.
NOT program:?*
The keyword "?*", means that the message part contains at least one character. "NOT" operator negates the expressions and produces the messages with empty message part.
The same search can be done for key value pairs, for example
NOT nvpair:.sdata.test.name=?*
Consider that the log messages which doesn't have the specific key will be shown in the result as well.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center