Solved: How to show only fields over 0?

vtsguerrero · ‎07-30-2014

I have a query like this:
index=main Product=$product$ | time chart count by Quantity
But I need it to return only values > 0
What should I change here?
Thanks in advance!

strive · ‎07-30-2014

index=main Product=$product$ | timechart count by Quantity | where count > 0

Updated

The search wont work when the timechart output is like this

_time Quantity1  Quantity2 Quantity3
T1     100        0         120
T2      0         1          1

If you just need quantities where count is greater than zero., then use stats

index=main Product=$product$ | stats count by Quantity | where count > 0

If you want to show timechart and not to show dips when value is zero then do this

index=main Product=$product$ | timechart cont=f count by Quantity

View solution in original post

strive · ‎07-30-2014

index=main Product=$product$ | timechart count by Quantity | where count > 0

Updated

The search wont work when the timechart output is like this

_time Quantity1  Quantity2 Quantity3
T1     100        0         120
T2      0         1          1

If you just need quantities where count is greater than zero., then use stats

index=main Product=$product$ | stats count by Quantity | where count > 0

If you want to show timechart and not to show dips when value is zero then do this

index=main Product=$product$ | timechart cont=f count by Quantity

flacunsia · ‎04-23-2015

cont=f did the trick with timechart... thanks!

How to show only fields over 0?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How to show only fields over 0?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...