How it works...

In this recipe, you started by following a path similar to the first recipe, creating a new data model for our application dataset. After the data model was created, you added a root-level event dataset type, named All Application, that will sit at the top of the dataset hierarchy. This event dataset allows for simple constraints, and you created a dataset constraint that restricted the dataset to application logs only. Following this, you added dataset fields to the dataset, consisting of all the auto-extracted fields that Splunk already knew about, in addition to a regular expression field to categorize the various services within the event data. You then used this newly created Service regular expression field plus ...

Get Splunk Operational Intelligence Cookbook - Third Edition now with the O’Reilly learning platform.
