How to filter out events before/after a specific e...

tanyongjin · ‎05-10-2017

Hi,

I want to filter out an event that occurs just before/after all the occurrence of a specific event, 'X". How can I do it?

If I want to aggregate them out to get some statistics or plot a graph, how can I do it too?

DalJeanis · ‎05-10-2017

You will have to be much more specific about your data, because the answer to your question depends on how you are identifying the event X, and how you are identifying the events A and Z that you want filtered out.

So, please post an example (non confidential, of course) of event X, and an example of the events you might like to filter out. If you describe in plain language the rationale for omitting them, that can help us meet your need as well.

tanyongjin · ‎05-10-2017

Here, X is an exact requirement provided to me. X is an access to an specific API, which for confidentiality, I am unable to provide an example of it.

So if a user uses A, then proceeds to X then to Z. We know that the flow goes from A -> X -> Z.

From this information, I would like to find out for all the users in the system, what is their "A" and "Z". Then determine if access to "A" and "Z" are related to the usage of X. Thus, I can report this finding up to my superior and for them to determine what could be missing in the implementation of X, which causes users to access "A" and "Z", which in turn can help improve X.

Thank you.

How to filter out events before/after a specific event

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!