Chapter 5. Extending Intelligence – Data Models and Pivoting

In this chapter, we will introduce the Splunk data model and pivoting functionality. We will cover the following recipes:

  • Creating a data model for web access logs
  • Creating a data model for application logs
  • Accelerating data models
  • Pivoting total sales transactions
  • Pivoting purchases by geographical location
  • Pivoting slowest responding web pages
  • Pivot charting top error codes


In many of the previous chapters, we leveraged Splunk's SPL quite a bit in order to build searches, reports, and dashboards. In this chapter, we will learn how to leverage Splunk's data model and Pivot functionality, and demonstrate how these can be leveraged by less technical users to easily build reports, ...

Get Splunk: Enterprise Operational Intelligence Delivered now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.