splunk / splunk-add-on-microsoft-azure

Splunk Add-on for Microsoft Azure
Apache License 2.0

KQL query - remove null fields? #15

Closed rolltidega closed 4 months ago

rolltidega commented 2 years ago

Hopefully this makes sense. If I run this KQL query:

| SecurityEvent

It returns like 50 or so fields, but most have empty/null field values. An example:

AccessList: AccessMask: AccessReason: Account: user AccountDomain: AccountExpires: AccountName: AccountSessionIdentifier: AccountType: User Activity: 4688 - A new process has been created. AdditionalInfo: AdditionalInfo2: AllowedToDelegateTo: Attributes: AuditPolicyChanges: AuditsDiscarded: AuthenticationLevel: AuthenticationPackageName: AuthenticationProvider:

It would be nice if something could be added to the code to strip out the fields with no values in them and rewrite the JSON so that only the fields with values would exist. (Note, a Splunk app from 2018 somehow does this: TA-ms-loganalytics) Example:

Account: user AccountType: User Activity: 4634 - An account was logged off. Channel: Security Computer: computername EventID: 4634 EventOriginId: redacted EventSourceName: Microsoft-Windows-Security-Auditing Level: 8 LogonType: 2 LogonTypeName: 2 - Interactive MG: 00000000-0000-0000-0000-000000000001 ManagementGroupName: AOI-c3b4ed48-5fce-4363-859f-670abe521938 SourceComputerId: 310b3c30-10b4-479a-812c-cb5731893d03 SourceSystem: OpsManager TargetAccount: account TargetDomainName: domain TargetLogonId: 0x2a2e0d31 TargetUserName: redacted TargetUserSid: redacted Task: 12545 TenantId: reacted TimeCollected: 2022-08-11T14:10:03.293Z TimeGenerated: 2022-08-11T14:10:02.437Z Type: SecurityEvent

This makes the JSON event in Splunk much cleaner and easier to read. Thoughts?
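One way to do what the issue asks for, as an added example that is not part of the add-on's own code: a small Python helper that drops null and empty fields from a Log Analytics record before it is serialized as the Splunk event. The sample record below is constructed from the field names quoted above; the `rows_to_events` helper assumes the query result arrives as the Log Analytics API's `columns`/`rows` table shape. Numeric zero and `False` are kept, since `Level: 0` or a `False` flag is a real value, not a missing one.

```python
import json

# Constructed sample record, modelled on the SecurityEvent fields quoted in the issue.
SAMPLE_EVENT = {
    "AccessList": "",
    "AccessMask": "",
    "Account": "user",
    "AccountType": "User",
    "Activity": "4688 - A new process has been created.",
    "AdditionalInfo": None,
    "EventID": 4688,
    "Level": 0,            # numeric zero is a real value and must survive
    "Details": {"Empty": "", "Keep": "x"},
    "Tags": [],
}


def is_empty(value):
    """Treat None, blank strings and empty containers as 'no value'.

    Numbers (including 0) and booleans (including False) are kept."""
    if value is None:
        return True
    if isinstance(value, str):
        return value.strip() == ""
    if isinstance(value, (list, dict)):
        return len(value) == 0
    return False


def strip_empty_fields(obj):
    """Recursively remove empty fields from dicts and empty items from lists."""
    if isinstance(obj, dict):
        cleaned = {}
        for key, value in obj.items():
            value = strip_empty_fields(value)
            if not is_empty(value):
                cleaned[key] = value
        return cleaned
    if isinstance(obj, list):
        items = [strip_empty_fields(v) for v in obj]
        return [v for v in items if not is_empty(v)]
    return obj


def rows_to_events(columns, rows):
    """Turn a Log Analytics table (column descriptors + row arrays) into dicts.

    Assumed shape: columns = [{"name": ...}, ...], rows = [[v1, v2, ...], ...]."""
    names = [c["name"] for c in columns]
    return [dict(zip(names, row)) for row in rows]


def compact_event_json(event):
    """Serialize an event with empty fields removed; sorted keys make output stable."""
    return json.dumps(strip_empty_fields(event), sort_keys=True, separators=(",", ":"))


if __name__ == "__main__":
    print(compact_event_json(SAMPLE_EVENT))
    # Constructed table in the assumed columns/rows shape.
    cols = [{"name": "Account"}, {"name": "AccessMask"}, {"name": "EventID"}]
    rows = [["user", "", 4634], ["", None, 4688]]
    for ev in rows_to_events(cols, rows):
        print(compact_event_json(ev))
```

Because a raw JSON event from the add-on is what Splunk's `KV_MODE=json` extracts fields from, dropping the empty keys at ingest also keeps those fields out of the field sidebar, rather than showing fifty keys with blank values.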