AMA: Match a blank field in J1QL


AMA is an ongoing series published each Thursday, highlighting questions the community has asked in our support and how-to channels on Slack. If you haven't already done so, please join us on Slack


"How does one match a blank field in J1QL? "

--Question from Kenneth on the J1 Community Slack

Here's the full question from Kenneth:

How does one match a blank field in J1QL? Like...

WITH = ""


Answer from JupiterOne Team

Hi Kenneth.  If the value is unassigned, you can filter using: = undefined

You can also use multiple conditions. As an example, if you want to find actual empty strings in addition to when the field is missing, or if it's set to a blank value, you can use  something like ...
= (undefined OR "" OR " ")
 If you negate the equality, remember to invert your logical operators, like ...
!= (undefined AND "" AND " ")
 To highlight a slightly more useful case of this syntax, suppose you want to find everyone except a certain group of people ...
FIND Person
email = (
"" OR
or, if you want to find everyone except certain people ...
FIND Person
email != (
"" AND

Articles in this Series

  1. AMA: JupiterOne and PagerDuty WebHooks
  2. AMA: Export YAML Files for Vendors Pulled from SSO Providers
  3. AMA: Map Controls and Frameworks Relationships
  4. AMA: How to Track Professional Associations, Security Forums, and Threat Intel Sources
  5. AMA: Find AWS Instances by their Private IP Address
  6. AMA: SSO Integrated Authentication, Move to Another Role
  7. AMA: send-mail action to map two properties
  8. AMA: Setup the Policy Accept Button
  9. AMA: Match a blank field in J1QL
  10. AMA: Track and Alert Using Firewall Rules Matrix
  11. AMA: AWS Roles not used for 90 days, and date related queries
  12. AMA: Manage Alerts for Jira through J1 Terraform Provider
  13. AMA: Filter Results from Specific AWS Accounts
  14. AMA: Iterate and return total count of iam users per account
  15. AMA: Search for security groups by tag
  16. AMA: Identify S3 Buckets Open to Cross-Account Attacks

Resources for this AMA


Modern Visibility in Cyberseccurity




Posted By JupiterOne Team

The JupiterOne Team is a diverse set of engineers and developers who are working on the next generation of cyber asset visibility and monitoring.

To hear more from the JupiterOne Team, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.


cyber-security 1

Ad Title Placeholder

Lorem ipsum dolor sit amet, consectetur adipiscing elit.