Reporting

What is the difference between a Pivot and a report?

twh1
Communicator

What is the difference between a Pivot report and a report?

Tags (2)
1 Solution

gcusello
SplunkTrust
SplunkTrust

hi twh1,
from http://docs.splunk.com/Documentation/Splunk/6.5.1/Pivot/IntroductiontoPivot: "The Pivot tool lets you report on a specific data set without the Splunk Search Processing Language (SPL™). First, identify a dataset that you want to report on, and then use a drag-and-drop interface to design and generate pivots that present different aspects of that data in the form of tables, charts, and other visualizations."

Instead (from http://docs.splunk.com/Documentation/Splunk/6.5.1/Report/Aboutreports): "Reports are created when you save a search or a pivot for later reuse"

In other words: a pivot is a different way to build an output (a dashboard or a report) than SPL, instead a report is an output created using SPL (creating a search) or a pivot.

I usually don't use pivots!

Pivots could be useful only to share a data set with some users that want to build own reports or dashboards without knowing SPL.

Bye.

Giuseppe

View solution in original post

ddrillic
Ultra Champion

It goes, I think, to which level of abstraction you need to work with your data. Let's say you have a complex data structure such as medical claims, which is my case ; -). then you need to define the data set and the data model. If that's the case, using pivots to create your reports makes perfect sense.

The following Introduction to Pivot says -

-- How does Pivot work? It uses data models to define the broad category of event data that you're working with, and then uses hierarchically arranged collections of data model datasets to further subdivide the original dataset and define the fields that you want Pivot to return results on. Data models and their datasets are designed by the knowledge managers in your organization. They do a lot of hard work for you to enable you to quickly focus on a specific subset of event data.

0 Karma

gcusello
SplunkTrust
SplunkTrust

hi twh1,
from http://docs.splunk.com/Documentation/Splunk/6.5.1/Pivot/IntroductiontoPivot: "The Pivot tool lets you report on a specific data set without the Splunk Search Processing Language (SPL™). First, identify a dataset that you want to report on, and then use a drag-and-drop interface to design and generate pivots that present different aspects of that data in the form of tables, charts, and other visualizations."

Instead (from http://docs.splunk.com/Documentation/Splunk/6.5.1/Report/Aboutreports): "Reports are created when you save a search or a pivot for later reuse"

In other words: a pivot is a different way to build an output (a dashboard or a report) than SPL, instead a report is an output created using SPL (creating a search) or a pivot.

I usually don't use pivots!

Pivots could be useful only to share a data set with some users that want to build own reports or dashboards without knowing SPL.

Bye.

Giuseppe

Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...