Splunk® Enterprise

Data Model and Pivot Tutorial

Splunk Enterprise version 7.0 is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

About the Data Model and Pivot Tutorial

This tutorial guides you through adding data to your Splunk deployment, building simple data models from this tutorial data, and creating new pivots from the data models.

Prerequisites for this tutorial

This tutorial assumes that you have access to a Splunk deployment.

If you do not have access to a Splunk deployment, you can use a trial version of the Splunk software. For instructions on downloading a trial version, installing, and starting the software, see the following topics in the Search Tutorial.

What's covered in this tutorial?

The following list describes what each section of this tutorial covers.

  • Introduction describes the prerequisites and system requirements for completing this tutorial. It also describes Splunk Web, which is the interface for using Splunk Enterprise and Pivot.
  • Part 1: Getting data into Splunk Enterprise walks you through adding the tutorial data into Splunk Enterprise. The tutorial data, which is a sample data set composed of web server and MySQL logs for a fictional online game store, is included for download in this chapter.
  • Part 2: Building a data model walks you through creating a new data model, defining the root dataset, editing dataset fields, and defining child fields.
  • Part 3: Designing a Pivot report walks you through creating and saving Pivot tables and charts.
  • Part 4: Creating dashboards walks you through creating new dashboards and adding Pivots to new and existing dashboards.

Using a PDF of the tutorial

Do not copy and paste searches or regular expressions directly from the PDF into Splunk Web. In some cases, doing so causes errors because of hidden characters that are included in the PDF formatting.

Last modified on 16 February, 2018

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13

