Solved: need to delete column from the result generated af... - Splunk Community

Splunk Search

i have a timechart query which is giving me the below result

i want to exclude the columns with Zero like 02gdysjska2 ,2shbhsiskdf9

Not these names can change and or not fixed

_time	003hfhdfs89huk	02gdysjska2	13hdgsgtsjwk	21dhsysbaisps	2shbhsiskdf9	5hsusbsosv
2024-01-23T09:45:00.000+0000	0	0	0	0	0	0
2024-01-23T09:50:00.000+0000	0	0	0	0	0	0
2024-01-23T09:55:00.000+0000	0	0	0	17961	0	0
2024-01-23T10:00:00.000+0000	0	0	1183	0	0	0
2024-01-23T10:05:00.000+0000	0	0	0	0	0	55
2024-01-23T10:10:00.000+0000	0	0	0	0	0	0
2024-01-23T10:15:00.000+0000	0	0	0	0	0	0
2024-01-23T10:20:00.000+0000	0	0	0	0	0	0
2024-01-23T10:25:00.000+0000	4280	0	0	0	0	0
2024-01-23T10:30:00.000+0000	0	0	0	0	0	0
2024-01-23T10:35:00.000+0000	0	0	0	0	0	0

1 Solution

Solution

| untable _time name value
| where value != 0
| xyseries _time name value
| fillnull value=0

View solution in original post

Solution

| untable _time name value
| where value != 0
| xyseries _time name value
| fillnull value=0

Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...