Solved: How to resolve issue with Dynatrace user session q...

sabari80 · ‎11-03-2022

can anyone help me to resolve my issue? here is the query which i am using

index="dynatrace" "userActions{}.name" = "clickonnotes" | table "userActions{}.name","userActions{}.visuallyCompleteTime"

output

userActions{}.name userActions{}.visuallyCompleteTime

loadingofpage/cc/claimcenter.do

clickonsearch

keypressonc1

clickony3wc25120

clickonnotes

clickonlossdetails

clickonindemnity

9356

516

609

1276

981

1371

392

640

ITWhisperer · ‎11-04-2022

Try something like this

| spath userActions{} output=userActions
| mvexpand userActions
| spath input=userActions name
| spath input=userActions visuallyCompleteTime
| where name="clickonnotes"
| table name visuallyCompleteTime

View solution in original post

richgalloway · ‎11-03-2022

Are you saying only the "clickonnotes" row should be displayed? That SPL should work, but Splunk can be finicky about how it handles JSON. Can you share some events?

---
If this reply helps you, Karma would be appreciated.

sabari80 · ‎11-03-2022

Yes i am looking just one row which is equivalent to 'clickonnotes' user action.

Here is the event result

11/3/22
10:58:03.871 PM

{ [-]
   applicationType: WEB_APPLICATION
   bounce: false
   browserFamily: MicrosoftEdge
   browserMajorVersion: MicrosoftEdge105
   browserType: DesktopBrowser
   clientType: DesktopBrowser
   connectionType: UNKNOWN
   dateProperties: [ [+]
   ]
   doubleProperties: [ [+]
   ]
   duration: 909842
   endReason: TIMEOUT
   endTime: 1667514156364
   errors: [ [+]
   ]
   events: [ [+]
   ]
   hasError: false
   hasSessionReplay: false
   internalUserId: 16638519974486RHOLEMU15S6B0FVU8SOGH0VFUVLULJ1
   ip: 10.146.0.241
   longProperties: [ [+]
   ]
   matchingConversionGoals: [ [+]
   ]
   matchingConversionGoalsCount: 0
   newUser: false
   numberOfRageClicks: 0
   numberOfRageTaps: 0
   osFamily: Windows
   osVersion: Windows10
   partNumber: 0
   screenHeight: -1
   screenWidth: -1
   startTime: 1667513246522
   stringProperties: [ [+]
   ]
   syntheticEvents: [ [+]
   ]
   tenantId: 3905aa6f-4130-439f-b336-dd2af9fa40d4
   totalErrorCount: 0
   totalLicenseCreditCount: 1
   userActionCount: 9
   userActions: [ [+]
   ]
   userExperienceScore: SATISFIED
   userId: MS86601
   userSessionId: KPFWHAWMDNROKALKEGUUEQKFPTQBQDMU-0
   userType: REAL_USER
}

in the user action array has multiple user actions including 'clickonnotes'

userActionCount: 9
   userActions: [ [-]
     { [+]
     }
     { [+]
     }
     { [+]
     }
     { [+]
     }
     { [+]
     }
     { [+]
     }
     { [+]
     }
     { [+]
     }
     { [+]
     }
   ]

ITWhisperer · ‎11-04-2022

Try something like this

| spath userActions{} output=userActions
| mvexpand userActions
| spath input=userActions name
| spath input=userActions visuallyCompleteTime
| where name="clickonnotes"
| table name visuallyCompleteTime

sabari80 · ‎11-04-2022

Thanks... its working as expected... did some changes and i am good with it...

How to resolve issue with Dynatrace user session query that is retrieving multiple user actions?

field extraction

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024