Reporting

Pivot Datamodel limitations (Where's the beef?)

kmattern
Builder

Is there a definitive list of limitations for Datamodels and Pivots?

For example when I select a the field cs_username for filtering, the drop down lists only 10 entries and no scrollbar. I have quite a few more than ten entries.

alt text

Also, what can I not do in generating searches, constraints and attributes? And what about sub searches, etc.? I see some pretty simple examples but I need to go much farther and drill deeper into my data. I was hoping to be able to give Pivot to my customers but with some of these limitations it may not be possible.

Datamodels and Pivot are a good start but need more beef!

mattness
Splunk Employee
Splunk Employee

Glad you feel that Splunk's new Pivot feature is off to a good start! Keep in mind that we're just getting rolling with Pivot and will be expanding its range over time.

The filter limit attribute list currently only displays the top values in your dataset. This is a bug--a performance-related limitation--that we intend to clear up in an upcoming release.

And with regard to subsearches and similar Search features--you can include these and many other advanced search mechanics in root search objects. Root search objects are designed to use just about any kind of search string as long as it returns statistical results in table format (uses transforming commands, in other words). You just have to keep in mind that object hierarchies based on root search objects cannot take advantage of persistent data model acceleration (but they will be covered by ad-hoc acceleration). So at least for now there's trade-off if you want to use a complex search as the foundation of a data model.

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...