I implemented the sp.js website analytics event collector with splunk. Now I have a lot of events collected, including over 100k pageview events.
All events have a user id field (id) with possibility that over time the users are identified by means of if and oldId fields. Identifications can be multiple times if the user had accessed the website via multiple browsers / devices.
I am interested to study the customer journey statistically. I find difficult to express what I really want to see so I decided to split the study in multiple steps and try to study steps separately.
I need to find a way, for instance, to calculate what events happened after a certain pageview event (on a landing page) in order to measure the user behaviour on that landing page. I found the Sankey Diagram visualisation that seems to present stats in a comprehensible manner but I find difficult to generate a proper search query to get the info out from the indexed data.
I arrived at an intermediary form of my query
host="sp.dentfix.ro" | stats values(event) as step values(eval(strftime(_time, "%Y-%d-%m %H:%M"))) as times by id | mvcombine step | stats count by step
Here I would like to group by id and all oldId fields of the id. Is a subquery working in place of group by id field?
I realise is hard to offer a search example without knowing the log structure. I only tracked pageviews, sp_alias, links and general events as specified by sp.js library. More info here:
https://github.com/splunk/splunk-demo-collector-for-analyticsjs#api
http://blogs.splunk.com/2013/10/17/still-using-3rd-party-web-analytics-providers-build-your-own-usin...