I am trying to write a splunk query where I need to fetch the user details with the number of working days if it is greater than zero. For example I have the below data
I, [2022-01-04T01:32:10.165065 #21461] INFO -- : fetched user details for user_id: 5612 with working_days: 0
I, [2021-01-04T01:32:10.165065 #21461] INFO -- : fetched user details for user_id: 5619 with working_days: 10
I, [2021-02-04T01:28:10.165065 #21461] INFO -- : fetched user details for user_id: 8901 with working_days: 0
I, [2021-03-04T01:18:10.165065 #21461] INFO -- : fetched user details for user_id: 306561 with working_days: 35
I need to fetch user_id along with working_days. The only condition is that working_days is more than 0:
fetched user details for user_id: 5619 with working_days: 10
fetched user details for user_id: 306561 with working_days: 35
The below query is not giving the correct result. Any help is appreciated
"fetched user details for user_id: "
| rex field=_raw "fetched user details for user_id:(?<user_id>.*) with working_days:(?<working_days>.*)"
| table user_id,working_days
Update 1
I have tried the following ways but none of them works:
"fetched user details for user_id: "
| rex field=_raw "fetched user details for user_id:(?<user_id>.\d+) with working_days:(?<working_days>.\d+)"
| where working_days > 0 | table user_id,working_days
"fetched user details for user_id: "
| rex field=_raw "fetched user details for user_id:(?<user_id>.\d+) with working_days:(?<working_days>.\d+)"
| where 'working_days' > 0 | table user_id,working_days
"fetched user details for user_id: "
| rex field=_raw "fetched user details for user_id:(?<user_id>.\d+) with working_days:(?<working_days>.\d+)"
| where working_days > '0' | table user_id,working_days
"fetched user details for user_id: "
| rex field=_raw "fetched user details for user_id:(?<user_id>.\d+) with working_days:(?<working_days>.\d+)"
| where "working_days" > '0' | table user_id,working_days
"fetched user details for user_id: "
| rex field=_raw "fetched user details for user_id:(?<user_id>.\d+) with working_days:(?<working_days>.\d+)"
| where not working_days == 0 | table user_id,working_days
Upvotes: 2
Views: 1435
Use the where or search command to filter results.
"fetched user details for user_id: "
| rex field=_raw " user_id:\s*(?<user_id>\d+) with working_days:\s*(?<working_days>\d+)"
| search working_days > 0
| table user_id,working_days
Upvotes: 3
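To make the difference between the questioner's `.\d+` captures and the answer's `\d+` captures concrete, here is an added Python model of the `rex` extraction and the `where`/`search` filter, run over the log lines from the question. It is not Splunk and not code from either poster: the regexes are the Python spelling of the two `rex` patterns, the log lines are constructed (a fifth line with a non-numeric `working_days` is added to show that a non-matching event is simply dropped), and the strict digit-only check in `numeric_or_none` is an assumption standing in for the search-time comparison, chosen so that a value with a leading space is never treated as a number.

```python
import re

# Constructed sample log lines, modelled on the format in the question (not real data).
# The last line is added here to show how a non-numeric working_days value is handled.
SAMPLE_LOGS = [
    "I, [2022-01-04T01:32:10.165065 #21461] INFO -- : fetched user details for user_id: 5612 with working_days: 0",
    "I, [2021-01-04T01:32:10.165065 #21461] INFO -- : fetched user details for user_id: 5619 with working_days: 10",
    "I, [2021-02-04T01:28:10.165065 #21461] INFO -- : fetched user details for user_id: 8901 with working_days: 0",
    "I, [2021-03-04T01:18:10.165065 #21461] INFO -- : fetched user details for user_id: 306561 with working_days: 35",
    "I, [2021-03-04T01:19:10.165065 #21461] INFO -- : fetched user details for user_id: 777 with working_days: N/A",
]

# Python spelling of the questioner's pattern: the `.` before \d+ is a wildcard that
# swallows the space after the colon, so every captured value starts with a space.
BROKEN_PATTERN = re.compile(
    r"user_id:(?P<user_id>.\d+) with working_days:(?P<working_days>.\d+)")

# Python spelling of the answer's pattern, with \s* so it matches whether or not a
# space follows the colon; the capture groups then contain digits only.
FIXED_PATTERN = re.compile(
    r"user_id:\s*(?P<user_id>\d+) with working_days:\s*(?P<working_days>\d+)")


def extract_fields(lines, pattern):
    """Mimic `rex`: return the named captures for every line the pattern matches.
    Lines that do not match produce no row, just as rex leaves the fields unset."""
    rows = []
    for line in lines:
        match = pattern.search(line)
        if match:
            rows.append(match.groupdict())
    return rows


def numeric_or_none(value):
    """Treat a field as numeric only if it is a clean digit string.
    Assumption: a deliberately strict stand-in for the search-time comparison;
    a value such as ' 10' (leading space) stays a string and is never > 0 here."""
    return int(value) if value.isdigit() else None


def users_with_working_days(lines, pattern=FIXED_PATTERN, minimum=1):
    """Mimic `... | where working_days >= minimum | table user_id, working_days`."""
    result = []
    for row in extract_fields(lines, pattern):
        days = numeric_or_none(row["working_days"])
        if days is not None and days >= minimum:
            result.append((row["user_id"], days))
    return result


if __name__ == "__main__":
    print("broken captures:", extract_fields(SAMPLE_LOGS, BROKEN_PATTERN))
    print("broken filter  :", users_with_working_days(SAMPLE_LOGS, BROKEN_PATTERN))
    print("fixed filter   :", users_with_working_days(SAMPLE_LOGS, FIXED_PATTERN))
```

Run it and compare the two capture sets: the `.\d+` version yields `' 0'`, `' 10'` and so on, which the strict filter rejects outright, while the `\s*(\d+)` version yields `'0'`, `'10'` and the filter keeps exactly users 5619 and 306561. The practical check on the Splunk side is the same: look at the raw extracted `working_days` values (for example with `| table working_days`) before trusting a numeric comparison on them.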