Hello,
I have a set of events coming from a source that tell me if a user came from a certain page "Source". From this set of events I can retrieve the request ID. From another set, I can retrieve information about a user visiting a certain page "Destination" together with the request ID.
I would like to create a report on the total number users per cluster and visiting "Destination" and the number of users per cluster visiting "Destination" and coming from "Source". How can I achieve that?
Here is the query to get the first set of events:
index=* logtype="SAT" (method="GET" OR method="POST") uri_path="myuri.do" referer="Source" | dedup rc | eval rc=rc+":0" | stats values(rc)
Here is the query to get the second set of events:
index=* logtype="EL" | rex field=rec.msg ".*?STRING: (?<trdate>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \w* (?<actiontype>\d*) (?<userid>\w*) (?<cluster>\w*) (?<action>.*?)\]\]>" | search actiontype="Destination" | stats values(rec.reqid) by userid cluster
Thank you very much for your help.
... View more