Currently I'm using: sourcetype=access_*|transaction clientip maxpause=1h keepevicted=t mvlist=t | table uri_path . This search displays all uri_paths occurring in a given transaction. I would like to display the last uri_path of each event. The results of my current search is below.
/category.screen
/product.screen
/oldlink
/cart.do
/cart.do
/category.screen
/cart.do
/cart/success.do
/category.screen
/oldlink
/cart.do
/product.screen
/cart.do
/product.screen
/category.screen
/cart.do
/product.screen
/cart.do
/product.screen
/cart.do
/cart/success.do
/cart.do
