Solved: Show only non-zero fields

ericchaucl · ‎08-20-2017

Hi,

How can I run a search and only display those columns with non-zero values? For example, I have fields test1, test2, test3, .... test99, in which only test2 and test10 are non-zero. Would be perfect if there is something like this:
| fields test* | where test* > 0

P.S. To be more specific, this scenario happens when I create and apply a TFIDF model. The system automatically generate a huge # of fields with suffix _tfidf. I would like to run some query and is interested in those non-zero fields only.

3no · ‎08-21-2017

Hey,

| table test* | transpose | rename column as Test "row 1" as count | where count > 0

3no.

View solution in original post

3no · ‎08-21-2017

Hey,

| table test* | transpose | rename column as Test "row 1" as count | where count > 0

3no.

ericchaucl · ‎08-21-2017

It works! Million thanks!

Show only non-zero fields

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation