Splunk Search

How to search for the most popular purchased item X AND which other item was purchased most often with item X?

upuc
Explorer

I would like to search for common product-packages. So I want to look for one item (AAA) and find out which other item (XXX) was bought most often in the same purchase order (Orders with AAA).
I already clicked through the other questions on this page and found the following link:

http://docs.splunk.com/Documentation/Splunk/5.0.4/SearchReference/Correlate

Sadly, I'm not able to apply this query to my problem. Hope someone can help.
Best regards

Tags (2)

ppablo
Retired

Hi @upuc

Did the arules command that @martin_mueller suggested below work for your use case?

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

According to the docs at http://docs.splunk.com/Documentation/Splunk/6.1.3/SearchReference/Arules you're looking for the arules command.

upuc
Explorer

Hello helpers!
Still no solution in sight. If maybe ppablo or martin found a way to handle this by now (?) it would be great if you could share.

0 Karma

ppablo
Retired

Hi @upuc

Did @martin_mueller's arules command suggestion not solve your issue? Didn't hear from you for a month.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Let me know if and how that works though, I've always been wondering...

0 Karma

aweitzman
Motivator

A sample of event data would be very useful here. Is it the case that each line item in an order is a separate Splunk event? Or are they clumped together somehow, with all line items for an order in the same event?

0 Karma

upuc
Explorer

we save every item as a seperate event with a code for the underlying shopping cart.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...