I have a list of Account ID and URL accessed.
So, for an Account ID, there are many URLs being accessed.
I want to be able to identify Account ID that
1) ONLY access a certain URL (e.g. URL_Type_01)
So, if they have visited other URL then "URL_Type_01", then I would drop the entire Account ID from considerations.
I want to be able to asked "Which Account ID has ONLY view Type 1", and "Which Account ID has NEVER used Type 1".
To "Show Account ID that would access ONLY URL_Type01
e.g. Exclude from transaction/group:
Account_001
URL_Type_01
URL_Type_02
e.g. Exclude from transaction/group:
Account_002
URL_Type_02
e.g. Include in transaction/group:
Account_003
URL_Type 1
Hope I am being clear...
🙂 Many thanks!
This is hard to figure without a sample and your base transaction search, but here is a idea :
2012-06-22 01:12:12 account=001 blah blah 2012-06-22 01:12:14 account=001 URL_Type=01 2012-06-22 01:13:15 account=001 URL_Type=02 2012-06-22 01:13:18 account=001 URL_Type=02 2012-06-22 01:19:12 account=002 blah blah 2012-06-22 01:18:12 account=002 URL_Type=02 2012-06-22 01:16:12 account=003 blah blah 2012-06-22 01:14:12 account=003 URL_Type=01 2012-06-22 01:14:12 account=003 URL_Type=01 2012-06-22 01:14:14 account=003 URL_Type=01 2012-06-22 01:14:15 account=003 URL_Type=01
* | transaction account | search URL_Type=01 | eval URL_distinct=mvcount(URL_Type) | search URL_distinct=1
Thanks yannK. That would work if there are only 2 URL. However, if there are multiple URLs:
URL_Type_03, URL_Type_04, URL_Type_05, URL_Type_06 etc
And we need to identify Account_ID that only access URL_Type_01 AND URL_Type_04, and not others, then the above search won't work then?
Cheers!
Joshie