Reporting

Pivot 101: I see only two sample data models under Pivot. How can I add data models? Does Pivot work like Excel?

Splunk2016
Path Finder

I am familiar with Pivot tables under Microsoft Excel and would like to recreate Pivot tables in Splunk, but don't know where to begin.
Splunk requires data models, but how does a data model match my input file and why does Splunk
needs it to create a Pivot Table?
I see only two sample data models under Pivot. How can I add data models? Does Pivot work like in Excel?
I would appreciate any help. Thanks!

Tags (3)
0 Karma
1 Solution

ChrisG
Splunk Employee
Splunk Employee

There is a short Pivot Manual that covers the basic concepts and procedures about how Pivot works in Splunk Enterprise.

I also recommend the Pivot Tutorial, which has a walkthrough with a sample data set.

View solution in original post

ChrisG
Splunk Employee
Splunk Employee

There is a short Pivot Manual that covers the basic concepts and procedures about how Pivot works in Splunk Enterprise.

I also recommend the Pivot Tutorial, which has a walkthrough with a sample data set.

Splunk2016
Path Finder

I have seen the pivot manual but how can you go about it if the Buttercup Games Sales data model does not exist? There are only two audit data models: Internal Audit Logs and Internal Server Logs Samples.
Thanks!

0 Karma

Splunk2016
Path Finder

Is there a step by step example or video in creating just Data Model than the reference to Data Model and Pivot Tutorial? The reference seems to be written for an advance Splunk user. We need the Data Model 101 course. Thanks!

0 Karma

ChrisG
Splunk Employee
Splunk Employee

There is a Pivot video I found: https://www.youtube.com/watch?v=MdjDrDTXYWQ.

The tutorial is pretty straightforward, though: it walks you through downloading the sample data, getting it in, and creating the data model. The only extra complexity is that it includes a lookup table to enrich the data.

Splunk2016
Path Finder

I am stuck on Add lookup attributes from lookup tables but the prices_lookup under Add Attributes with a Lookup is missing and only shows the dnslookup. Did I miss a step?

0 Karma

ChrisG
Splunk Employee
Splunk Employee

Splunk2016
Path Finder

I tried but I don't know where the prices.csv resides. It is not in the tutorialdata.zip file downloaded in the first step. Ok I found finally found it. I missed a step. Thanks!

0 Karma

ChrisG
Splunk Employee
Splunk Employee

Splunk2016
Path Finder

I used the unzipped prices.csv instead of prices.csv.zip by tutorial instructions. Thanks!

0 Karma

Splunk2016
Path Finder

Even though I am not done with the whole tutorial, I want to thank you for your answers! I think it would help if the tutorial would come with a cheatsheet. Thanks again Chris for your patience!

0 Karma

ChrisG
Splunk Employee
Splunk Employee

The Pivot Tutorial walks through loading the Buttercup Games sample data and creating the data model.

Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...