Splunk Search
Highlighted

Better way to track sequence of web logs other than transaction command

Motivator

I am using the transaction command to follow the sequence of a successful WordPress login (and the URIs the user hits after the login) and what I'm finding is that the endswidth is hard to pin down because of re-direction or no re-direction based on the site. So, I have the following logic:

A method of POST with a status of 302 followed by a method of a GET within one second to the same site/IP

Would a search based on transaction be needed for that, or is there a less taxing way to search for that sequence?

Thx

0 Karma
Highlighted

Re: Better way to track sequence of web logs other than transaction command

New Member

You can use the stats command.

0 Karma
Highlighted

Re: Better way to track sequence of web logs other than transaction command

Motivator

Would I be looking to leverage earliest/latest?

Thx

0 Karma