Solved: Re: How to show only fields over 0?

vtsguerrero · ‎07-30-2014

I have a query like this:
index=main Product=$product$ | time chart count by Quantity
But I need it to return only values > 0
What should I change here?
Thanks in advance!

strive · ‎07-30-2014

index=main Product=$product$ | timechart count by Quantity | where count > 0

Updated

The search wont work when the timechart output is like this

_time Quantity1  Quantity2 Quantity3
T1     100        0         120
T2      0         1          1

If you just need quantities where count is greater than zero., then use stats

index=main Product=$product$ | stats count by Quantity | where count > 0

If you want to show timechart and not to show dips when value is zero then do this

index=main Product=$product$ | timechart cont=f count by Quantity

View solution in original post

strive · ‎07-30-2014

index=main Product=$product$ | timechart count by Quantity | where count > 0

Updated

The search wont work when the timechart output is like this

_time Quantity1  Quantity2 Quantity3
T1     100        0         120
T2      0         1          1

If you just need quantities where count is greater than zero., then use stats

index=main Product=$product$ | stats count by Quantity | where count > 0

If you want to show timechart and not to show dips when value is zero then do this

index=main Product=$product$ | timechart cont=f count by Quantity

flacunsia · ‎04-23-2015

cont=f did the trick with timechart... thanks!

How to show only fields over 0?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

How to show only fields over 0?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits