Data Model in Splunk (Part-III)
Hei Welcome back once again, in this series of “Data Model in Splunk” we will try to cover all possible aspects of data models.
In the previous blog, “Data Model In Splunk (Part-II)” we have discussed the “child dataset”.
In this third part of the data model series, we will discuss the usage of pivot tables.
A pivot is a tool by which we can create reports and dashboards without knowing the SPL query.
So as we all know that we have already created a “data model” known as “Zomato”.
1st we will access our data model,
Click on Settings and Data Model
Then select the data model which you want to access.
Next Select Pivot
Then Select the data set which you want to access, in our case we are selecting “continent”
This is the interface of the pivot. From the filters dropdown, one can choose the time range. After that Using Split columns and split rows one can choose fields you want to add to the table. Using column values one can choose multiple functions (count, distinct count, average, maximum, minimum, etc).
From the left-handed sidebar, you can choose what kind of visualization you want to affect your data.
Therefore By clicking on the save as button, you can save this particular data as a report or dashboard whatever you like.
Hope you all enjoyed this blog “Data Model in Splunk (Part-III)” and this particular data model series. See you all. stay tuned.
Previous Blog of this data model series:
Data Model in Splunk (Part-II)
Happy Splunking!!
