I am trying to remove columns from my search when they return null. Previously, my entire panel would just result with "no results found", but I wanted to display something here instead of that message, so I appended a column, but when I tried to use `fields - (column names)`, nothing really happened.
Here is my search:
index="nitro_prod_summary" earliest=-1h@m latest=@m [| `nitro_prod_cmdb` | search Category="merch" Service="*" Application="*" | search Application!="LOD" | stats count by Application | table Application] | join Application [ | `nitro_prod_cmdb` ] | search Alert_Type="*" Metric_Category="*" | eval FilterKey=Description.ID | dedup FilterKey |search Category!="FINANCE" | table Alert_Type Category Service Application Metric_Category Description Key ID | rename Metric_Category as "Type" Alert_Type as "Alert" count as Count | sort +Alert | appendpipe [stats count | eval "Active Alerts"="None" | where count==0 | fields - count]
I tried:
`fields - count, Alert_Type, Category, Service, Application, Metric_Category, Description, Key, ID`
`fields - count Alert_Type Category Service Application Metric_Category Description Key ID`
`fields - `
Any Ideas?
↧