Introduction
In many of the previous chapters, we relied heavily on Splunk's Search Processing Language (SPL) to build searches, reports, and dashboards. In this chapter, we will learn how to use Splunk's data model and Pivot functionality, and demonstrate how they let less technical users easily build reports, charts, and dashboards.
The first set of recipes in this chapter involves building Splunk data models. Data models allow Splunk datasets to be mapped, together with associated knowledge, into a hierarchical structure that encapsulates a number of Splunk searches behind the scenes. These models power Splunk's Pivot tool and allow users to create dynamic reports and dashboards without the need to write any searches. Data models are somewhat analogous to relational database schemas in that they present data to Pivot as rows and columns.
Data models are typically built by individuals who are familiar with Splunk's SPL using the Data Model Editor....