Creating a data model for web access logs
In this first recipe, you will create a data model for our web access logs. You will be using Splunk's Data Model Editor to do this and define a number of object types, and add constraints and attributes.
Getting ready
To step through this recipe, you will need a running Splunk Enterprise server, with the sample data loaded from Chapter 1, Play Time – Getting Data In, and the completed recipes from earlier chapters. You should be familiar with navigating the Splunk user interface.
How to do it...
Follow the steps in this recipe to create the Web Access data model:
Log in to your Splunk server.
Select the Operational Intelligence application.
Select the Settings menu item at the top-right corner of the screen, and then select Data models:
An empty list of data models to manage will load. Click on the New Data Model button located at the top-right corner of the screen:
A pop-up box will be displayed. Enter
Web Access
in the Title field and as you type, the...