Hi @pyro_wood,

Thanks.
but it is not hiding columns however it makes them empty.
Is there any way it could be hidden?

if i will put n/a it will also come in my search.
and if i will hide i will not get column that is irrelevant.

hope I am clear.

@sahil237888, how about something like the following:

| eval data=case(host=="abc",unit,host=="xyz",value)
| table host data

Following is a run anywhere search:

| makeresults
| eval data="host=abc,value=123,unit=aa;host=xyz,value=234,unit=bb;"
| makemv data delim=";"
| mvexpand data
| rename data as _raw
| KV
| eval data=case(host=="abc",unit,host=="xyz",value)
| table host data

@niketnilay,
I have tried but it is not hiding any column.

Can you suggest something else.

What should be the expected output? Can you show the final table you expect?
You can't hide a column for just for one row and show for other row. If a column is present for any of the row , that column will be shown for whole table.

_Time Host Ecnt PingTime Availability
17-08-18 8:09 A 5 400 Available
17-08-18 8:10 B 8 8 Not Available
17-08-18 8:11 C 4 4 Down
17-08-18 8:12 D 0 100 Available
17-08-18 8:13 E 1 600 Available
17-08-18 8:14 F 7 7 Not Available
17-08-18 8:15 G 8 500 Down
17-08-18 8:16 H 0 3100 Down
17-08-18 8:17 I 4 8 Not Available
17-08-18 8:18 J 7 600 Down
17-08-18 8:19 K 5 500 Available
17-08-18 8:20 L 4 586 Available
17-08-18 8:21 M 0 754 Not Available
17-08-18 8:22 N 6 421 Down
17-08-18 8:23 O 7 856 Available
17-08-18 8:24 P 7 0 Down

This is the sample table. Now My requirement is :

If Ecnt > 5
Display _time,Host, Ecnt,PingTime
Else
Hide Ecnt column

If PingTime >1000
Display _time,Host,PingTime,Ecnt,Availability
Else
hide PingTime column