- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Abandon Rate
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Abandon Rate
Hi, I am trying to find the abandonment rate for users who started the registration process but didnt complete it within say the 4 hours. I have the following query (part of an overall dashboard with an inline time range filter). Any help would be appreciated.
P.S. getStarted is the start step and ProcessApplication is the finish step
index=ABC sourcetype=ABC_ASAPI_elilogs Application.Channel=OA "Extended_Fields.SubChannel"= MobileApp Extended_Fields.StepInfo=getStarted NOT Extended_Fields.RegistrationType=NotSpecified | strcat Extended_Fields.AcctType "" Extended_Fields.RegistrationType AcctReg
| stats dc(Extended_Fields.AppId) by AcctReg
| rename dc(Extended_Fields.AppId) as Start
| appendcols
[ search index=ABC sourcetype=ABC_ASAPI_elilogs Application.Channel=OA "Service.Operation"=ProcessApplication "Extended_Fields.SubChannel"= MobileApp | strcat Extended_Fields.AcctType "" Extended_Fields.RegistrationType AcctReg
| stats dc(Extended_Fields.AppId) by AcctReg
| rename dc(Extended_Fields.AppId) as Finish]
| eval Abandon%=(Start-Finish)/Start*100
| fields AcctReg Abandon% Start Finish | sort - Finish
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What about using transaction commands?
index=ABC sourcetype=ABC_ASAPI_elilogs Application.Channel=OA ・・・・・
| strcat Extended_Fields.AcctType "" Extended_Fields.RegistrationType AcctReg
| transaction Extended_Fields.AcctType startswith="getStarted" endswith="ProcessApplication"
| stats count(eval(duration<1441)) as Finish ,count as Start by AcctReg
| eval Abandon%=(Start-Finish)/Start*100
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
index="main"
| stats count as Start by host
| appendcols
[| search index="main" "error"
| stats count as Finish by host ]
| fillnull value=0 Finish
| eval CompletionPct=(Finish/Start)*100
| eval AbandonPct=100-CompletionPct
| eval CompletionPct=round(CompletionPct,2)
| eval AbandonPct=round(AbandonPct,2)
| table host Start Finish CompletionPct AbandonPct
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
is this what you have suggested (full query) - I am not getting any result so unsure if it is an format error.
index=sne sourcetype=sne_ASAPI_elilogs Application.Channel=OA "Extended_Fields.SubChannel"=CWP-MobileApp Extended_Fields.StepInfo=getStarted NOT Extended_Fields.RegistrationType=NotSpecified | strcat Extended_Fields.AcctType "" Extended_Fields.RegistrationType AcctReg
| stats dc(Extended_Fields.AppId) by AcctReg as Start by host
| appendcols
[ search index=sne sourcetype=sne_ASAPI_elilogs Application.Channel=OA "Service.Operation"=ProcessApplication "Extended_Fields.SubChannel"=CWP-MobileApp | strcat Extended_Fields.AcctType "" Extended_Fields.RegistrationType AcctReg
| stats dc(Extended_Fields.AppId) by AcctReg as Finish by host ]
| fillnull value=0 Finish
| eval CompletionPct=(Finish/Start)*100
| eval AbandonPct=100-CompletionPct
| eval CompletionPct=round(CompletionPct,2)
| eval AbandonPct=round(AbandonPct,2)
| table host Start Finish CompletionPct AbandonPct
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
