Pivots and Datasets

Question 1

What is the purpose of a pivot?

Answer 1

Design reports in simple to use interface without ever having to craft a search string

Question 2

What is a data model?

Answer 2

A knowledge object that provides the data structure that drives pivots

Question 3

What job roles have access to create data models?

Answer 3

ADMIN, POWER (as they have knowledge of the search language)

Question 4

What is a dataset?

Answer 4

A smaller set of the data defined for a specific purpose, represented as tables with field names for columns and field values for cells

Question 5

How would u explain a dataset easily

Answer 5

Like slices of data
i.e. top slice shows all events
selecting successful child events will filter to events not ending in error
Think of the child datasets as an ‘AND’ boolean i.e. sourcetype=access_combined AND status=200

Question 6

What is the only type of serach you can use for a Pivot, provide and example

Answer 6

NON TRANSFORMING search

i.e sourceype=access_combined status=404

Question 7

how do you create an instant pivot?

Answer 7

Click on the ‘Instant Pivot’ button on the visualisation tab