I want to create a search that will post the amount of users that haven't finished their registration transaction. There are three events that must be shown in the log for it to be a completed transaction: "IPInterceptor", "GetPolicy", and "ActivatedNode". I'm thinking of using their IP addresses to differentiate the users and I've done this using regex and creating a field for it called ip which holds all the IP addresses of the users using my application. Here's what I have in the search so far...
blah...| rex "(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
How do I iterate through the created ip field to confirm that a user has all three functions executed with their specific IP address, and add up the total amount of users that started with IPInterceptor but did not get to ActivateNode?
Raw data example:
...
[Mon Jul 29 12:23:14][INFO ][11.12.21.318][]IPInterceptor.preHandle()
...
[Mon Jul 29 12:30:01][INFO ][11.12.21.318][]GetPolicy.doPost()
...
[Mon Jul 29 12:31:21][INFO ][11.12.21.318][]ActivateNode.doPost()
...
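
One way to express the count asked about above, as an added example that is not part of the original post: group the events by ip, collect the steps seen for each address, and keep the addresses that have IPInterceptor but no ActivateNode. The base search `index=app_logs` and the field names `step`, `steps`, `started`, `finished` and `incomplete_users` are placeholders assumed here; the step names and the bracket layout come from the raw data sample.

```spl
index=app_logs
| rex "\]\[(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]"
| rex "\](?<step>IPInterceptor|GetPolicy|ActivateNode)\."
| where isnotnull(ip) AND isnotnull(step)
| stats values(step) AS steps BY ip
| eval started=if(isnotnull(mvfind(steps, "^IPInterceptor$")), 1, 0)
| eval finished=if(isnotnull(mvfind(steps, "^ActivateNode$")), 1, 0)
| where started=1 AND finished=0
| stats dc(ip) AS incomplete_users
```

Because the grouping key is the IP address, users behind one shared address are counted as a single user, and the result depends on the search time range covering the whole registration window.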