Book Image

Implementing Splunk (Update)

Book Image

Implementing Splunk (Update)

Overview of this book

Table of Contents (20 chapters)
Implementing Splunk Second Edition
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

What is a data model?


The Splunk product documentation (2015) defines a data model as:

a hierarchically structured, search-time mapping of semantic knowledge about one or more datasets (that encode the domain knowledge necessary to generate specialized searches of those datasets) so that Splunk can use these specialized searches to generate reports and charts for pivot users.

Data models enable you to create Splunk reports and dashboards without having to develop Splunk searches (required to create those reports and dashboards), and can play a big part in Splunk app development. You can create your own data models, but before you do, you should review the data models that your organization may have already developed. Typically, data models are designed by those that understand the specifics around the format, the semantics of certain data, and the manner in which users may expect to work with that data. In building a typical data model, knowledge managers use knowledge object types (such as...