Splunk 101: Creating Pivots


Hello, Josh here, to walk you through another quick Splunk tutorial that will save you time and give your team a tool that everyone can use. In this video tutorial, I’ll discuss the importance of using the Pivot function of Splunk. Who wants to make Splunk easier… for just about any person? Pivots are the perfect way to get a non-Splunker started on pulling visualizations from your data. Here are some takeaways from the video when you’re using pivot in Splunk…

Key Takeaways from Creating Pivots in Splunk

When working with a Pivot in Splunk and ensuring you get the right visualizations… it all starts with your data models…

  • In simple terms, a Pivot is a dashboard panel. Every Pivot relies on your Data Models.
  • Pivots exist to make Splunk easy – any user, whether they have existing search language knowledge or not, can utilize the Pivot function.
  • Be careful not to delete or edit your data models while building your pivots (unless you know what you’re doing), since every Pivot depends on them.
  • The Pivot function has a drag and drop UI that makes creating dashboards simple.
  • You can manipulate the visualizations around your data – test out which chart looks best with your data!
  • There are limitations to the click and drag functionality of Splunk Pivot visualizations… all dependent on the limitations of your data set.

You may have read a few of my Splunk Search Command Series blogs. Our engineers here at Kinney Group and I produce weekly content around Splunk best practices. My team, the Tech Ops team, runs our Expertise on Demand service, which I’ll touch on a little more below. Our EOD team is responsible for knowing everything and anything around Splunk best practice… that’s why you’ll get access to a ton of video and written content from our team.

Meet our Expert Team

If you’re a Splunker, or work with Splunkers, you probably have a full plate. Finding the value in Splunk comes from the big projects and the small day-to-day optimizations of your environment. Cue Expertise on Demand, a service that can help with those Splunk issues and improvements to scale. EOD is designed to answer your team’s daily questions and break through stubborn roadblocks. We have the team here to support you. Let us know below how we can help.

