Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Datamodels and Pivots VS. Lookups and Stats output

thisissplunk
Builder
‎11-14-2019 03:00 PM

I'm having trouble conceptually understanding what Datamodels and Pivots provide over just simple lookup tables and well, query outputs in table form.

Were datamodels and pivots made for non technical users to be able to put together similar dashboards that people who know how to use SPL can do with stats command and summary indexes?

Now, I do understand that datamodels are saved and searched across differently which makes them crazy fast, but that's about it

What am I missing here?

Reply

woodcock
Esteemed Legend
‎11-14-2019 04:01 PM

Pivots were definitely made for non-technical people so that admins can create datasets and pivots for those non-technical users to build their own reports and dashboards with reasonable ease and confidence of accuracy. The need for schema and a normalized naming convention was the reason for datamodels. When datamodels are accelerated they can summarize and report over huge volumes of data very quickly. The stats command, in some form or another (e.g. timechart, chart, tstats, etc.) is a key component of all of these when it comes to building and leveraging them. If you need your summaries to outlive your raw data, then you cannot use datamodels, you need to use a summary index.

Here is another good Q&A on this topic (don't forget to UpVote😞
https://answers.splunk.com/answers/135451/summary-index-vs-report-acceleration.html

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...