- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I am playing with Splunk 6, and trying to learn Pivot.
Now I am seeing a few data model for internal logs, but is there any useful case of pivot for those data model?
It seems very user friendly, but I am not just familiar with the data model of internal logs.
I would really appreciate if anyone could give me a sample of pivot use for internal logs or data models.
Thank you in advance..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From my limited knowledge, the following produces quantity indexed over time by sourcetype
Using the Quota Usage object from the Splunk’s Internal Server Logs – Sample Data model
For the Split Rows select _time and the appropriate size bucket you want from the Period picker
For the Split Columns select Sourcetype
In Column Values select GB indexed, and for Value select Sum
Dave
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From my limited knowledge, the following produces quantity indexed over time by sourcetype
Using the Quota Usage object from the Splunk’s Internal Server Logs – Sample Data model
For the Split Rows select _time and the appropriate size bucket you want from the Period picker
For the Split Columns select Sourcetype
In Column Values select GB indexed, and for Value select Sum
Dave
