Use the `not` function in APL to reverse the boolean value of an expression. It returns true when the input is false, and false when the input is true.
`not` is useful for inverting filter conditions, flagging events that fail a specific test, and building readable logical expressions. It makes queries easier to understand than using `== false` or `!= true` directly.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Splunk SPL users
In Splunk SPL, `NOT` is a keyword used in `search` or `where` clauses. In APL, `not()` is a function that wraps a boolean expression and can be used in `extend`, `where`, and `project` operators.
ANSI SQL users
In ANSI SQL, `NOT` is a keyword that negates a boolean expression. In APL, `not()` is a function with the same effect.
Usage
Syntax
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| expr | bool | Yes | The boolean expression to reverse. |
Returns
true if expr is false. false if expr is true.
Example
Use `not` to identify requests using non-standard HTTP methods, which can be a sign of reconnaissance or abuse.
Query
| _time | id | status | method | uri |
|---|---|---|---|---|
| 2024-11-14 10:00:00 | user-9 | 200 | POST | /api/data |
| 2024-11-14 10:01:00 | user-5 | 403 | DELETE | /admin/users |
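As an added example (not the query from the original page), the following APL query applies `not` to an allow-list check and then summarizes the flagged requests per client for triage. The dataset name `['sample-http-logs']` and the choice of `GET`, `HEAD`, and `OPTIONS` as the expected methods are assumptions; the field names come from the table above.

```kusto
// Added example, not the page's original query.
// Assumptions: dataset name and the allow-list of expected methods.
['sample-http-logs']
// Name the positive test once so the negation below reads clearly.
| extend expected_method = method in ('GET', 'HEAD', 'OPTIONS')
// toint() lets the comparison work whether status is stored as text or a number.
| extend is_error = toint(status) >= 400
// Keep only requests that fail the allow-list test.
| where not(expected_method)
// Roll up per client: volume, error responses, and which methods were used.
| summarize
    requests = count(),
    error_requests = countif(is_error),
    methods = make_set(method),
    first_seen = min(_time),
    last_seen = max(_time)
  by id
// Clients drawing the most error responses are reviewed first.
| order by error_requests desc, requests desc
```

Keeping the test in a named column and negating it in `where` leaves the allow-list in one place, which is easier to review than a chain of `!=` comparisons.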
List of related functions
- isfinite: Returns `true` for finite values. Combine with `not` as `not(isfinite(x))` to filter out invalid numeric results.
- isinf: Returns `true` for infinite values. Use `not(isinf(x))` as an alternative to `isfinite` when NaN values are not a concern.
- isnan: Returns `true` for NaN. Use `not(isnan(x))` to keep only valid numeric rows.
- isint: Returns `true` for integers. Use `not(isint(x))` to keep only non-integer values.
- sign: Returns the sign of a value. Use it when you need a numeric result rather than a boolean negation.