Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Visitor flow stats on website

rvencu
Path Finder
‎09-03-2016 05:38 AM

I implemented the sp.js website analytics event collector with splunk. Now I have a lot of events collected, including over 100k pageview events.

All events have a user id field (id) with possibility that over time the users are identified by means of if and oldId fields. Identifications can be multiple times if the user had accessed the website via multiple browsers / devices.

I am interested to study the customer journey statistically. I find difficult to express what I really want to see so I decided to split the study in multiple steps and try to study steps separately.

I need to find a way, for instance, to calculate what events happened after a certain pageview event (on a landing page) in order to measure the user behaviour on that landing page. I found the Sankey Diagram visualisation that seems to present stats in a comprehensible manner but I find difficult to generate a proper search query to get the info out from the indexed data.

0 Karma
Reply

rvencu
Path Finder
‎09-07-2016 10:44 AM

I arrived at an intermediary form of my query
host="sp.dentfix.ro" | stats values(event) as step values(eval(strftime(_time, "%Y-%d-%m %H:%M"))) as times by id | mvcombine step | stats count by step

Here I would like to group by id and all oldId fields of the id. Is a subquery working in place of group by id field?

0 Karma
Reply

rvencu
Path Finder
‎09-03-2016 06:11 AM

I realise is hard to offer a search example without knowing the log structure. I only tracked pageviews, sp_alias, links and general events as specified by sp.js library. More info here:
https://github.com/splunk/splunk-demo-collector-for-analyticsjs#api
http://blogs.splunk.com/2013/10/17/still-using-3rd-party-web-analytics-providers-build-your-own-usin...

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...