Pivot
You can create your Splunk reports without having to use the Splunk Enterprise Search Processing Language (SPL) by utilizing the Splunk pivot tool.
Splunk pivot is a simple drag-and-drop interface that uses (predefined) data models and data model objects. These data models (designed by the knowledge managers in an organization and discussed later in this book) are used by the pivot tool to define, subdivide, and set attributes for the event data you are interested in.
You can create a Splunk pivot table by following these steps:
- Go to the Splunk Home page and click on Pivot for the app workspace you want to use.
- Next, on the Select a Data Model page, choose a specific data model (by identifying which dataset to work with).
- Once you select a data model, you can select the list of objects (which can be an object type of event, transaction, search, or child, and can represent a specific view or a slice of a Splunk search result) within that data model (or click on edit objects...