Filtering pivots

Splunk Pivots can be filtered using filter elements.

Splunk supports three kinds of filter elements for use with pivots. It's important to understand each and they are explained as follows:

• Time: Always present and cannot be removed. Time defines the time range for which your pivot will return results.
• Match: Enables the ability to set up matching for strings, numbers, timestamps, Booleans, and IPv4 addresses (although currently only as AND, not OR, matches).
• Limit: Enables you to restrict the number of results returned by your pivot.