09_Splunk 9 Creating Data Models and Optimizing Pivot

 1 Splunk 9: Creating Data Models and Optimizing Pivot - by Adam Frisbee *

1.1 Course Overview

2 Getting Familiar with Data Models and the Pivot Tool in Splunk

2.1 Getting Familiar with Data Models and the Pivot Tool in Splunk

2.2 Event Types, Lookups, Tags, and Aliases

2.3 Introducing the Splunk Pivot Tool

2.4 Demo: Splunk Pivot Tool

2.5 Summary

3 Diving Deeper into Data Models

3.1 The Benefits of Modeling Data]

3.2 The Ingredients of a Data Model

3.3 Data Model Configuration Files

3.4 Data Model Acceleration

3.5 Demo: Examine a Data Model in JSON

3.6 Data Model Datasets

3.7 Dataset Field Categories

3.8 Field Extractions

3.9 Business Requirements and Our Scenario

3.10 Demo: Build a Data Model

3.10.1 Add Data

3.10.2 Add Lookup

3.10.3 Do Lookup Defnition

3.10.4 Set up data model

3.11 Module Summary

4 Using the Pivot Tool to Build Dashboards, Reports, and Alerts from a Data Model

4.1 Pivot Table Elements

4.2 Visualization Types and Their Uses

4.3 Demo: Create Dashboards, Reports, and Alerts Based on Our Data Model

4.4 Course Wrap Up

1. Splunk 9: Creating Data Models and Optimizing Pivot - by Adam Frisbee *

1. Course Overview

2. Getting Familiar with Data Models and the Pivot Tool in Splunk

1. Getting Familiar with Data Models and the Pivot Tool in Splunk

With = sign

Pattern

Values with no explicit key 

2. Event Types, Lookups, Tags, and Aliases

Eval used one field name for multiple field results

3. Introducing the Splunk Pivot Tool

4. Demo: Splunk Pivot Tool

Search > Datasets > 

Choose data set > visualize 

5. Summary

3. Diving Deeper into Data Models

Do this excercises 

1. The Benefits of Modeling Data]

2. The Ingredients of a Data Model

3. Data Model Configuration Files

Default directory has lowest precedence.

4. Data Model Acceleration

5. Demo: Examine a Data Model in JSON

• Data Models are either global or associated with App

• Settings > Data Modeal >

• Bin directory for all splunk executables, exe directory for splunk licensing info, var directory for all of the indexes

• C:\Program Files\Splunk\etc\apps\search\default in windows

• Config files is available in 

• 

• Json file C:\Program Files\Splunk\etc\apps\search\default\data\models\

• internal_audit_logs.json

• internal_server.json

• 
  

• 

6. Data Model Datasets

7. Dataset Field Categories

8. Field Extractions

9. Business Requirements and Our Scenario

10. Demo: Build a Data Model

1. Add Data

Add Data  - Upload – mack_data.csv – next

Next

Host field value = mock_data, index = default (we can choose mockdata

2. Add Lookup 

Go to look up file – change the permsion

3. Do Lookup Defnition

4. Set up data model

Settings – Data Model – New data model  

Choose Root Event – 

Save then the next screen comes

Add the required fields based on the business requirements

We need to get only Ad_Click=Yes > we need root search event 

Add another field from broad dataset – choose auto extracted

This satisfieds our first requirement

Add other fields from broad events for our use case

Change revenue field to number

This Data moldel is the appications requirements –

11. Module Summary

4. Using the Pivot Tool to Build Dashboards, Reports, and Alerts from a Data Model

1. Pivot Table Elements

2. Visualization Types and Their Uses

3. Demo: Create Dashboards, Reports, and Alerts Based on Our Data Model

• In the data modal click Pivot

• 

Available data sets are :

Click Broad

Income range

Nice dashboard and set the dashboard as home dashboard 

4. Course Wrap Up

s