Pivot 101: I see only two sample data models under Pivot. How can I add data models? Does Pivot work like Excel?

Splunk2016
Path Finder

I am familiar with Pivot tables under Microsoft Excel and would like to recreate Pivot tables in Splunk, but don't know where to begin.
Splunk requires data models, but how does a data model match my input file and why does Splunk need it to create a Pivot Table?
I see only two sample data models under Pivot. How can I add data models? Does Pivot work like in Excel?
I would appreciate any help. Thanks!


ChrisG
Splunk Employee

There is a short Pivot Manual that covers the basic concepts and procedures about how Pivot works in Splunk Enterprise.

I also recommend the Pivot Tutorial, which has a walkthrough with a sample data set.

Splunk2016
Path Finder

I have seen the pivot manual but how can you go about it if the Buttercup Games Sales data model does not exist? There are only two audit data models: Internal Audit Logs and Internal Server Logs Samples.
Thanks!

Splunk2016
Path Finder

Is there a step-by-step example or video on creating just a Data Model, other than the reference to the Data Model and Pivot Tutorial? The reference seems to be written for an advanced Splunk user. We need the Data Model 101 course. Thanks!

ChrisG
Splunk Employee

There is a Pivot video I found: https://www.youtube.com/watch?v=MdjDrDTXYWQ.

The tutorial is pretty straightforward, though: it walks you through downloading the sample data, getting it in, and creating the data model. The only extra complexity is that it includes a lookup table to enrich the data.

Splunk2016
Path Finder

I am stuck on Add lookup attributes from lookup tables but the prices_lookup under Add Attributes with a Lookup is missing and only shows the dnslookup. Did I miss a step?

ChrisG
Splunk Employee

Splunk2016
Path Finder

I tried, but I don't know where the prices.csv resides. It is not in the tutorialdata.zip file downloaded in the first step. OK, I finally found it. I missed a step. Thanks!

ChrisG
Splunk Employee

Splunk2016
Path Finder

I used the unzipped prices.csv instead of prices.csv.zip by tutorial instructions. Thanks!

Splunk2016
Path Finder

Even though I am not done with the whole tutorial, I want to thank you for your answers! I think it would help if the tutorial came with a cheat sheet. Thanks again, Chris, for your patience!

ChrisG
Splunk Employee

The Pivot Tutorial walks through loading the Buttercup Games sample data and creating the data model.
