Chapter 5. Extending Intelligence – Data Models and Pivoting
In this chapter, we will introduce the Splunk data model and pivoting functionality. We will cover the following recipes:
- Creating a data model for web access logs
- Creating a data model for application logs
- Accelerating data models
- Pivoting total sales transactions
- Pivoting purchases by geographical location
- Pivoting slowest responding web pages
- Pivot charting top error codes
Introduction
In many of the previous chapters, we leveraged Splunk's SPL quite a bit in order to build searches, reports, and dashboards. In this chapter, we will learn how to leverage Splunk's data model and Pivot functionality, and demonstrate how these can be leveraged by less technical users to easily build reports, charts, and dashboards.
The first set of recipes in this chapter involves building Splunk data models. Data models allow Splunk datasets to be mapped, together with associated knowledge, into a hierarchical structure that...