The value "null" is not "null"
A "null" field in Splunk has no contents (see fillnull)
If you have the literal string "null" in your field, it has a value (namely, "null")
If you do not want to count them, you need to filter them out before doing the | stats dc(Field)
For example, you could do this:
<spl>
| search NOT Field="null"
| stats dc(Field)
<spl>
from User warren – Stack Overflow https://stackoverflow.com/questions/74074477/splunk-eventstats-dcfield-is-including-null-values-as-unique/74077088#74077088
via IFTTT