Chapter 4. Data Models and Pivots

In this chapter, we will introduce the following:

Data Models
Pivots (along with pivot elements and filters)
Sparklines

So let's get started.

In Splunk, data models and pivots should be discussed together because data models drive (Splunk) pivots. So let's start by defining data models.

What is a data model?

The Splunk product documentation (2015) defines a data model as:

a hierarchically structured, search-time mapping of semantic knowledge about one or more datasets (that encode the domain knowledge necessary to generate specialized searches of those datasets) so that Splunk can use these specialized searches to generate reports and charts for pivot users.

Data models enable you to create Splunk reports and dashboards ...

Get Implementing Splunk - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Implementing Splunk - Second Edition by Vincent Bumgarner, James D Miller

Chapter 4. Data Models and Pivots

What is a data model?

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly