Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

What is the difference between a Pivot and a report?

twh1
Communicator
‎12-26-2016 10:07 PM

What is the difference between a Pivot report and a report?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎12-27-2016 07:03 AM

hi twh1,
from http://docs.splunk.com/Documentation/Splunk/6.5.1/Pivot/IntroductiontoPivot: "The Pivot tool lets you report on a specific data set without the Splunk Search Processing Language (SPL™). First, identify a dataset that you want to report on, and then use a drag-and-drop interface to design and generate pivots that present different aspects of that data in the form of tables, charts, and other visualizations."

Instead (from http://docs.splunk.com/Documentation/Splunk/6.5.1/Report/Aboutreports): "Reports are created when you save a search or a pivot for later reuse"

In other words: a pivot is a different way to build an output (a dashboard or a report) than SPL, instead a report is an output created using SPL (creating a search) or a pivot.

I usually don't use pivots!

Pivots could be useful only to share a data set with some users that want to build own reports or dashboards without knowing SPL.

Bye.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

ddrillic
Ultra Champion
‎12-27-2016 07:25 AM

It goes, I think, to which level of abstraction you need to work with your data. Let's say you have a complex data structure such as medical claims, which is my case ; -). then you need to define the data set and the data model. If that's the case, using pivots to create your reports makes perfect sense.

The following Introduction to Pivot says -

-- How does Pivot work? It uses data models to define the broad category of event data that you're working with, and then uses hierarchically arranged collections of data model datasets to further subdivide the original dataset and define the fields that you want Pivot to return results on. Data models and their datasets are designed by the knowledge managers in your organization. They do a lot of hard work for you to enable you to quickly focus on a specific subset of event data.

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎12-27-2016 07:03 AM

hi twh1,
from http://docs.splunk.com/Documentation/Splunk/6.5.1/Pivot/IntroductiontoPivot: "The Pivot tool lets you report on a specific data set without the Splunk Search Processing Language (SPL™). First, identify a dataset that you want to report on, and then use a drag-and-drop interface to design and generate pivots that present different aspects of that data in the form of tables, charts, and other visualizations."

Instead (from http://docs.splunk.com/Documentation/Splunk/6.5.1/Report/Aboutreports): "Reports are created when you save a search or a pivot for later reuse"

In other words: a pivot is a different way to build an output (a dashboard or a report) than SPL, instead a report is an output created using SPL (creating a search) or a pivot.

I usually don't use pivots!

Pivots could be useful only to share a data set with some users that want to build own reports or dashboards without knowing SPL.

Bye.

Giuseppe

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...