Solved: need to delete column from the result generated af... - Splunk Community

Splunk Search

i have a timechart query which is giving me the below result

i want to exclude the columns with Zero like 02gdysjska2 ,2shbhsiskdf9

Not these names can change and or not fixed

_time	003hfhdfs89huk	02gdysjska2	13hdgsgtsjwk	21dhsysbaisps	2shbhsiskdf9	5hsusbsosv
2024-01-23T09:45:00.000+0000	0	0	0	0	0	0
2024-01-23T09:50:00.000+0000	0	0	0	0	0	0
2024-01-23T09:55:00.000+0000	0	0	0	17961	0	0
2024-01-23T10:00:00.000+0000	0	0	1183	0	0	0
2024-01-23T10:05:00.000+0000	0	0	0	0	0	55
2024-01-23T10:10:00.000+0000	0	0	0	0	0	0
2024-01-23T10:15:00.000+0000	0	0	0	0	0	0
2024-01-23T10:20:00.000+0000	0	0	0	0	0	0
2024-01-23T10:25:00.000+0000	4280	0	0	0	0	0
2024-01-23T10:30:00.000+0000	0	0	0	0	0	0
2024-01-23T10:35:00.000+0000	0	0	0	0	0	0

1 Solution

Solution

| untable _time name value
| where value != 0
| xyseries _time name value
| fillnull value=0

View solution in original post

Solution

| untable _time name value
| where value != 0
| xyseries _time name value
| fillnull value=0

Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...