In larger organizations, not every user wants to or should have to write a Splunk search to get analytical values. Many users will want to create their own reports and analyses in an ad hoc fashion, but will reject tools that force them to write what they perceive as code.
Splunk data models and the Pivot tool work hand in hand to meet the needs of these users. Together, they enable more casual end users to generate statistical data and charts without needing to know Search Processing Language (SPL).
A data model is a hierarchical mapping of data based on search results. The output of the data model's underlying search queries can be visualized as a set of rows and columns in a spreadsheet, using the Pivot tool.
The Pivot tool presents data fields as rows and columns of data. Using the Pivot tool, a user can create a crosstab report or a visualization, for example. Users can also apply additional ad hoc filtering and set up choices by pointing and clicking, rather than typing.
In this chapter, we will learn how to:
- Create a data model
- Enable acceleration for the data model
- Create a Pivot output
- Visualize data using the area chart, pie chart, and single value with trend sparkline options