How it works...

In this recipe, you started off by creating a new data model for the web access event data. After the initial data model was created, you added a root-level event dataset type, named All Web Access, that sits at the top of the dataset hierarchy. This event dataset allows for simple constraints, and you created a dataset constraint that restricted the dataset to only web access logs. Following this, you added dataset fields to the dataset, consisting of all the auto-extracted fields that Splunk already knew about, in addition to an evaluated expression dataset field to categorize the various status codes in the event data. You then used this newly created status_category evaluated field to create child dataset types for ...

Get Splunk Operational Intelligence Cookbook - Third Edition now with the O’Reilly learning platform.
