Hi There,
Is it possible to show the value zero instead of ! symbol in Canvas. if the returned document value is zero.
Thanks,
Raj
Zeros are displayed:
Something else is going wrong, there. Can you paste the error message itself? Are you maybe dividing by zero or something like that?
Thanks Chris For the reply for example this expression
filters
| essql
query="SELECT COUNT(DISTINCT fname.keyword) as client_ip
FROM "nessus-*" WHERE QUERY('risk_factor.keyword:Critical') AND "@timestamp" > NOW() - INTERVAL 24 HOURS AND "@timestamp" <= NOW () "
| math "client_ip"
| metric "Unique Count of IP - Crtical Risk"
since the result is zero i dont get any values
for example I have extended the time frame to 7 days for example
filters
| essql
query="SELECT COUNT(DISTINCT fname.keyword) as client_ip
FROM "nessus-*" WHERE QUERY('risk_factor.keyword:Critical') AND "@timestamp" > NOW() - INTERVAL 7 DAYS AND "@timestamp" <= NOW () "
| math "client_ip"
| metric "Unique Count of IP - Crtical Risk"
since the result is 1 , I get the value
I have attached the screenshot 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.