All Apps and Add-ons

Sankey flow of URIs

Path Finder

Hello Splunkers,

I am trying to create a sankey to show the drop-off of page requests based on the steps in an online transaction. I have the sequence of the URIs given to me but there is no connection between them in the data. E.g:

Page 1:

192.168.1.1 - - [04/Jun/2019:14:44:28 -0700] "GET /app/ecomm/page1 HTTP/1.1" 200 2578
host =  host.company.com source =   /var/log/httpd/ssl_access_log sourcetype =  access_combined

Page 2:

192.168.1.1 - - [04/Jun/2019:14:44:28 -0700] "GET /app/ecomm/page2 HTTP/1.1" 200 2578
host =  host.company.com source =   /var/log/httpd/ssl_access_log sourcetype =  access_combined

Page 3:

192.168.1.1 - - [04/Jun/2019:14:44:28 -0700] "GET /app/ecomm/page3 HTTP/1.1" 200 2578
host =  host.company.com source =   /var/log/httpd/ssl_access_log sourcetype =  access_combined

And so on.

/app/ecomm/xxx

Is extracted as the URI and I can easily show host -> first page but if I include all the URI's there is no connection showing 1 precedes 2.

Appreciate any help!
Cheers,

0 Karma