Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Transpose and Timechart giving unnecessary fields

jofermin
Explorer
‎08-02-2017 09:28 AM

After I transpose my timechart, I'm getting 3 fields under my Column that I want to get rid of: _span, _spandays, and _time. It looks like this:

column | row 1 | row 2
_time | ### | ###
... | .... | ...
_span |
_spandays|

Is there a way to hide the rows or delete them?

I've tried using field - _span, but it doesn't work.

Here's my search:

| timechart limit=1000 span=3month dc(user) by Customer
| transpose
| fields - _span
| rename column as Customer, "row 1" as "3 Months Before", "row 2" as "Latest 3 Months"

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎08-02-2017 09:36 AM

Add this to the end:

| regex column!=("^_")

Or better yet add this before the transpose command:

| fields - _*

View solution in original post

Reply
Solved! Jump to solution

cmerriman
Super Champion
‎08-02-2017 09:39 AM

you can do a |search column!=_* after transpose
or add |fields - _* before transpose

Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎08-02-2017 09:36 AM

Add this to the end:

| regex column!=("^_")

Or better yet add this before the transpose command:

| fields - _*
Reply
Solved! Jump to solution

jofermin
Explorer
‎08-02-2017 09:59 AM

Thanks, both work perfectly!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...