About the Data Model and Pivot Tutorial
This tutorial guides you through adding data to your Splunk deployment, building simple data models from this tutorial data, and creating new pivots from the data models.
Prerequisites for this tutorial
This tutorial assumes that you have access to a Splunk deployment.
If you do not have access to a Splunk deployment, you can use a trial version of the Splunk software. For instructions on downloading a trial version, installing, and starting the software, see the following topics in the Search Tutorial.
- What you need for this tutorial
- Install Splunk Enterprise on Linux, Windows, or Mac OS X
- Start Splunk Enterprise and launch Splunk Web
What's covered in this tutorial?
Each section of this tutorial covers the following.
- Introduction describes the prerequisites and system requirements for completing this tutorial. It also describes Splunk Web, which is the interface for using Splunk Enterprise and Pivot.
- Part 1: Getting data into Splunk Enterprise walks you through adding the tutorial data into Splunk Enterprise. The tutorial data, which is a sample data set composed of web server and MySQL logs for a fictional online game store, is included for download in this chapter.
- Part 2: Building a data model walks you through creating a new data model, defining the root dataset, editing dataset fields, and defining child fields.
- Part 3: Designing a Pivot report walks you through creating and saving Pivot tables and charts.
- Part 4: Creating dashboards walks you through creating new dashboards and adding Pivots to new and existing dashboards.
Using a PDF of the tutorial
Do not copy and paste searches or regular expressions directly from the PDF into Splunk Web. In some cases, doing so causes errors because of hidden characters that are included in the PDF formatting.
This documentation applies to the following versions of Splunk® Enterprise: 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5