Solved: need to delete column from the result generated af... - Splunk Community

Splunk Search

i have a timechart query which is giving me the below result

i want to exclude the columns with Zero like 02gdysjska2 ,2shbhsiskdf9

Not these names can change and or not fixed

_time	003hfhdfs89huk	02gdysjska2	13hdgsgtsjwk	21dhsysbaisps	2shbhsiskdf9	5hsusbsosv
2024-01-23T09:45:00.000+0000	0	0	0	0	0	0
2024-01-23T09:50:00.000+0000	0	0	0	0	0	0
2024-01-23T09:55:00.000+0000	0	0	0	17961	0	0
2024-01-23T10:00:00.000+0000	0	0	1183	0	0	0
2024-01-23T10:05:00.000+0000	0	0	0	0	0	55
2024-01-23T10:10:00.000+0000	0	0	0	0	0	0
2024-01-23T10:15:00.000+0000	0	0	0	0	0	0
2024-01-23T10:20:00.000+0000	0	0	0	0	0	0
2024-01-23T10:25:00.000+0000	4280	0	0	0	0	0
2024-01-23T10:30:00.000+0000	0	0	0	0	0	0
2024-01-23T10:35:00.000+0000	0	0	0	0	0	0

1 Solution

Solution

| untable _time name value
| where value != 0
| xyseries _time name value
| fillnull value=0

View solution in original post

Solution

| untable _time name value
| where value != 0
| xyseries _time name value
| fillnull value=0

Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...