Data
Reader small image

You're reading from  Splunk 7 Essentials - Third Edition

Product typeBook
Published inMar 2018
Reading LevelBeginner
PublisherPackt
ISBN-139781788839112
Edition3rd Edition
Languages
C++
Tools
Splunk
Concepts
Operational Intelligence
Right arrow
Authors (4):
J-P Contreras
J-P Contreras
author image
J-P Contreras

J-P Contreras, a Splunk-certified administrator and sales engineer, has delivered value-oriented data analytics and performance planning solutions for 20+ years. He has built award-winning consulting teams to help companies turn data into analytical insights. He helps companies implement Splunk and enjoys everything the Splunk community offers. He received his MBA in e-commerce from DePaul University's Kellstadt Graduate School of Business, Chicago, in 2001. He trains in DePaul's Continuing Education Program and is a member of DePaul's Driehaus School of Business Advisory Board. He'd like to thank his family, especially his wife and children, and close friends for making life so enjoyable.
Read more about J-P Contreras

Steven Koelpin
Steven Koelpin
author image
Steven Koelpin


Read more about Steven Koelpin

Erickson Delgado
Erickson Delgado
author image
Erickson Delgado

Erickson Delgado is an enterprise architect who loves to mine and analyze data. He began using Splunk in version 4.0 and has pioneered the use of the application in his current work. In the earlier parts of his career, he worked with start-up companies in the Philippines to help build their open source infrastructure. He then worked in the cruise industry as a shipboard IT manager, and he loved it. From there, he was recruited to work at the company's headquarters as a software engineer.
Read more about Erickson Delgado

Betsy Page Sigman
Betsy Page Sigman
author image
Betsy Page Sigman

Betsy Page Sigman is a distinguished professor at the McDonough School of Business at Georgetown University in Washington, D.C. She has taught courses in statistics, project management, databases, and electronic commerce for the last 16 years, and has been recognized with awards for teaching and service. She has also worked at George Mason University in the past. Her recent publications include a Harvard Business case study and a Harvard Business review article. Additionally, she is a frequent media commentator on technological issues and big data.
Read more about Betsy Page Sigman

View More author details
Right arrow

Data Models and Pivot

In larger organizations, not every user wants to or should have to write a Splunk search to get analytical values. Many users will want to create their owns reports and analyses in an ad hoc fashion, but will reject tools that force them to write what they perceive as code.

Splunk data models and the Pivot tool work hand in hand to meet the needs of these types of people. These functionalities enable more casual end users to generate statistical data and charts without needing to know Search Processing Language (SPL).

A data model is a hierarchical mapping of data based on search results. The output of the data model's underlying search queries can be visualized as a set of rows and columns in a spreadsheet, using the Pivot tool.

The Pivot tool is what is used to present data fields as rows and columns of data. Using the Pivot tool, a user can create...

Creating a data model

To create a data model of our existing Eventgen data, perform the following steps:

  1. In the Destinations app, click on the Settings menu. Under the Knowledge Objects section, select Data Models. This page will be empty until you have created your first data model.
  2. Click on the New Data Model button in the upper-right corner of the screen to proceed.
  1. In the Data Models screen, click on New Data Model.
  2. Give your new data model a Title and ID, and ensure that it is created in the Destinations app. Refer to the following screenshot as a guide:
  1. Click on Create. You are now in the Destinations data model editing page.
  2. Click on the Add Dataset dropdown and select Root Event. The concept of data model hierarchy is now in play. The Root Event or Root Search is the base search that will populate the data for the entire data model tree.
  3. Populate the Root Event...

Data model acceleration

When you enable acceleration for a data model, Splunk internally pre-summarizes the data defined by the data model for a given time range. This gives a tremendous boost to the search speed for your data model when searches are executed within the given time range. There are a couple of things to remember when you enable data model acceleration:

  1. Once you enable acceleration for a data model, you will no longer be able to edit the data model objects. Ensure that your model and related child objects and attributes are accurate before implementing acceleration. A huge data model may take some time to complete the acceleration process, so plan accordingly. You will only be able to edit the data model again if you disable the acceleration.
  2. Select your summary range wisely. The summary range is the calculation time span that the acceleration will use against...

Rearranging your dashboard

To change the arrangement of the panels on the dashboard, follow these steps:

  1. In the Summary Dashboard, click on the Edit button and select Edit Panels. This will convert the panels into widgets that you can drag around using each widgets header area.
  2. Change the final layout of your Summary Dashboard to look like the following screenshot. Click on Save once you have laid the widgets out in the correct orientation:
Summary Dashboard

Summary

In this chapter, we showed you how to build a three-panel dashboard without writing a single Splunk search command. Pivots can be a powerful tool to expose Splunk to business users who are data savvy, but perhaps initially resist learning to write Splunk commands to extract value from data.

To enable Pivots, we showed you how to create a data model used by the Pivot editor to create analyses, reports, and dashboards. You walked through creating your data model objects based on a hierarchy. You saw how data models can consist of attributes from existing data fields, inherited from parent objects, or extracted using a regular expression.

Finally, you used the very intuitive Pivot editor and created three different visualizations: area chart, pie chart, and single value with trend sparkline. You used those to create and organize a three-panel dashboard.

In the next Chapter...

lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 7 of 10
Next Chapter
You have been reading a chapter from
Splunk 7 Essentials - Third Edition
Published in: Mar 2018Publisher: PacktISBN-13: 9781788839112
© 2018 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Authors (4)

author image
J-P Contreras

J-P Contreras, a Splunk-certified administrator and sales engineer, has delivered value-oriented data analytics and performance planning solutions for 20+ years. He has built award-winning consulting teams to help companies turn data into analytical insights. He helps companies implement Splunk and enjoys everything the Splunk community offers. He received his MBA in e-commerce from DePaul University's Kellstadt Graduate School of Business, Chicago, in 2001. He trains in DePaul's Continuing Education Program and is a member of DePaul's Driehaus School of Business Advisory Board. He'd like to thank his family, especially his wife and children, and close friends for making life so enjoyable.
Read more about J-P Contreras

author image
Steven Koelpin


Read more about Steven Koelpin

author image
Erickson Delgado

Erickson Delgado is an enterprise architect who loves to mine and analyze data. He began using Splunk in version 4.0 and has pioneered the use of the application in his current work. In the earlier parts of his career, he worked with start-up companies in the Philippines to help build their open source infrastructure. He then worked in the cruise industry as a shipboard IT manager, and he loved it. From there, he was recruited to work at the company's headquarters as a software engineer.
Read more about Erickson Delgado

author image
Betsy Page Sigman

Betsy Page Sigman is a distinguished professor at the McDonough School of Business at Georgetown University in Washington, D.C. She has taught courses in statistics, project management, databases, and electronic commerce for the last 16 years, and has been recognized with awards for teaching and service. She has also worked at George Mason University in the past. Her recent publications include a Harvard Business case study and a Harvard Business review article. Additionally, she is a frequent media commentator on technological issues and big data.
Read more about Betsy Page Sigman

Other recommended products

Related to this chapter

Splunk 7.x Quick Start Guide

Splunk 7.x Quick Start Guide

Splunk is a leading platform and solution for collecting, searching, and extracting value from ever increasing amounts of big data – and big data is eating the world! This book covers all the crucial Splunk topics and gives you the information and examples to get the immediate job done. You will find enough insights to support further research for using Splunk to suit any business environment or situation.

BookNov 2018298 pages
Splunk Operational Intelligence Cookbook

Splunk Operational Intelligence Cookbook

This book demonstrates the power of Splunk 7.x to offer you quick solutions and strategies to bring efficient operational intelligence in your organization. Implement a wide range of tasks in recipe format to perform operations on machine data. Learn to achieve intelligent data-driven way using machine learning capabilities to explore complex data.

BookMay 2018541 pages
Mastering Splunk 8

Mastering Splunk 8

This book will cover Splunk's offerings to efficiently capture, index, and correlate data from a searchable repository all in real-time to generate insightful graphs, reports, dashboards, and alerts. Developers and architects alike can be in high demand if they become experts with this tool.

BookDec 2020456 pages
Implementing Splunk 7

Implementing Splunk 7

This book will help you implement Splunk 7's new services and will show you how to utilize them to quickly and efficiently process machine-generated big data. You will explore Splunk Cloud and the Machine Learning Toolkit and use them with ease throughout your organization. By the end of the book, you will have learned to implement these services in your tasks at work.

BookMar 2018576 pages
Big Data Visualization

Big Data Visualization

Uncover new approaches to big data visualization to make your analysis more effective and efficient with Big Data Visualization. Featuring in-depth coverage of big data analysis concepts together with industry-proven techniques, you?ll learn how to approach the challenge of big data visualization with confidence, ease and precision.

BookFeb 2017304 pages
Learn Grafana 7.0

Learn Grafana 7.0

This book will focus on Grafana 7.0's features to build interactive dashboards to visualize and monitor data. You will cover the administrative aspects of Grafana and working with various plugins. By the end of this book, you will have enough knowledge to query, visualize, and understand your metrics and use the new improved security features.

BookJun 2020410 pages

Personalised recommendations for you

Based on your interests and search pattern

Et al.

Et al.

Ever wonder why speech recognition systems don't understand the Scottish accent, or what would happen if an astronaut only ate mac 'n' cheese, or other spurious reflections you'd have at a bar? We did, then collated those deliberations into absurd research articles with fake figures and methodologies inspired by even more fictionally absurd studies.

BookAug 2023230 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages4
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages1
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Mastering Tableau 2023

Mastering Tableau 2023

This book is a comprehensive resource to mastering your Tableau skills and becoming a BI expert. As you progress, you will learn how to build advanced dashboards and improve your storytelling to derive key business insight, as well as make you well-versed with advanced functionalities of Tableau in the business intelligence domain.

BookAug 2023684 pages
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages5
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages2
Data Engineering with AWS

Data Engineering with AWS

Embark on a journey to master data engineering pipelines on AWS! Our book offers a hands-on experience of AWS services for ingesting, transforming, and consuming data. Whether you're an absolute beginner or someone with basic data engineering experience, this guide is an indispensable resource.

BookOct 2023636 pages5
Modern Data Architecture on AWS

Modern Data Architecture on AWS

Every organization wants an agile, performant, and cost-effective data platform that meets all their current and future business needs. Purpose-built AWS analytics services and their features play a big part in building such a modern data platform. This book brings to you all the design and architectural patterns that’ll help you achieve this goal.

BookAug 2023420 pages5
Practical Guide to Applied Conformal Prediction in Python

Practical Guide to Applied Conformal Prediction in Python

Discover the power of Conformal Prediction with the "Practical Guide to Applied Conformal Prediction in Python." Master the latest techniques to quantify uncertainty in machine learning and computer vision models, and seamlessly apply them to your industry applications.

BookDec 2023240 pages
TinyML Cookbook

TinyML Cookbook

With over 70 project-based recipes, the TinyML Cookbook is a practical guide that will help you to get the most out of your microcontrollers. It provides a comprehensive understanding of the theoretical foundations while giving you hands-on experience training ML models for deployment on Arduino Nano 33 BLE Sense, Raspberry Pi Pico, and SparkFun RedBoard Artemis Nano microcontrollers.

BookNov 2023664 pages