When should a data model be created. What is the c...

kamal_jagga · ‎06-10-2015

Hi,

When should a data model be created. What is the criteria for doing so ?

I am running the following search almost 15 times in different panels in the same dashboard with just difference of the search group.

Should i create a data model for this?

If yes, how and what should be the the objects and other constraints of the datamodel.

Search:

index=cricket_idx |rex field=_raw max_match=0 "\{\d.\d\,(?P<SERVICE>.*?)\,(?:\{|\})"
|stats count by SERVICE 
|rex field=SERVICE "(?P<SERVICE_NAME>.*?)\,.*?(?P<STATUS>F|SE)\,(?P<RESPONSE>\d+)" 
|eval Failed=if(STATUS!="S",count,0) |stats  avg(RESPONSE) by SERVICE_NAME

stephanefotso · ‎06-10-2015

Hello! You will find all you need here: http://docs.splunk.com/Documentation/Splunk/6.2.0/Knowledge/Aboutdatamodels
Thanks

SGF

kamal_jagga · ‎06-11-2015

Thanks for the reply.

I have read that document already but its not quite clear (sorry i am newbie).

Would you be able to explain the above things in maybe 2 lines each in simple language.

Thanks

When should a data model be created. What is the criteria for doing so?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!