Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Dashboards & Visualizations
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Remove column from table if
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
matthaeus
Explorer
08-04-2020
12:01 AM
Hey there!
I'm quite new in Splunk an am struggeling again. What I'm trying to do is to hide a column if every field in that column has a certain value. I've already searched a lot online and found several solutions, that should work for me but don't.
Can anybody help me out here?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
08-04-2020
05:08 AM
sample:
| makeresults
| eval _raw="unit,col1,col2,col3,col4,col5
a,-1,-2,-1,-1,-1
b,-1,-2,-2,-1,0
c,0,-2,0,-2,-2
d,-2,-2,0,-2,0"
| multikv forceheader=1
| table unit,col1,col2,col3,col4,col5
| untable unit cols value
| eventstats dc(value) as check1 by cols
| where !(check1=1 AND value=-2)
| xyseries unit cols value
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
08-04-2020
05:08 AM
sample:
| makeresults
| eval _raw="unit,col1,col2,col3,col4,col5
a,-1,-2,-1,-1,-1
b,-1,-2,-2,-1,0
c,0,-2,0,-2,-2
d,-2,-2,0,-2,0"
| multikv forceheader=1
| table unit,col1,col2,col3,col4,col5
| untable unit cols value
| eventstats dc(value) as check1 by cols
| where !(check1=1 AND value=-2)
| xyseries unit cols value
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
matthaeus
Explorer
08-04-2020
05:34 AM
Works perfectly, thanks so much!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thambisetty
SplunkTrust
08-04-2020
05:51 AM
@to4kawa answer works only for the data you posted, what if the values gets changed , lets say -2 becomes -3, every time you can't hardcode the value if you don't know the value exactly.
————————————
If this helps, give a like below.
If this helps, give a like below.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thambisetty
SplunkTrust
08-04-2020
04:59 AM
can you share some examples?
————————————
If this helps, give a like below.
If this helps, give a like below.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
matthaeus
Explorer
08-04-2020
05:08 AM
So I have Data like this:
| col1 | col2 | col3 | col4 | col5 | |
| a | -1 | -2 | -1 | -1 | -1 |
| b | -1 | -2 | -2 | -1 | 0 |
| c | 0 | -2 | 0 | -2 | -2 |
| d | -2 | -2 | 0 | -2 | 0 |
And what I want is, that column2 will not be displayed since all values in that column are "-2".
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thambisetty
SplunkTrust
08-04-2020
05:26 AM
I am using inputcsv and outputcsv.
if you run below search that contains field town has same value.
| makeresults
| eval state="AndhraPradesh,Karnataka,Tamilnadu"
| makemv state delim=","
| mvexpand state
| table state
| eval city=case(state="AndhraPradesh","Nellore,Vijayawada,Vizag",state="Karnataka","Bengaluru,Mysore",state="Tamilnadu","chennai")
| makemv city delim=","
| mvexpand city
| eval town="certain value"
and I have written these results to csv to make use of them in search which is used in fields command. The subsearch will take fields which have different values.
| makeresults
| eval state="AndhraPradesh,Karnataka,Tamilnadu"
| makemv state delim=","
| mvexpand state
| table state
| eval city=case(state="AndhraPradesh","Nellore,Vijayawada,Vizag",state="Karnataka","Bengaluru,Mysore",state="Tamilnadu","chennai")
| makemv city delim=","
| mvexpand city
| eval town="certain value"
| outputcsv test.csv
| fields [| inputcsv test.csv | stats dc(*) as * | transpose | where 'row 1' > 1 | table column | stats values(column) as search delim="," | table search]
————————————
If this helps, give a like below.
If this helps, give a like below.
Get Updates on the Splunk Community!
Your Guide to Splunk Digital Experience Monitoring
A flawless digital experience isn't just an advantage, it's key to customer loyalty and business success. But ...
Data Management Digest – November 2025
Welcome to the inaugural edition of Data Management Digest!
As your trusted partner in data innovation, the ...
Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA
Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...
