Hi, I want to know what url user visited after going to a particular url.
Suppose this is the url user visited (www.**cccc**.com), I want to know what pages he visited after that url.
[Please suggest a query for this, I have proxy logs in splunk]
Hi @ivar9692 - Did dperre's answer help solve your question at all? If yes, please don't forget to click "Accept" below the answer to resolve this post. Thanks!
Try this search. I don't know what your field names are but you could try this.
index=proxy_logs | transaction user startswith="www.trackedurl.com" maxevents=100
Edit:
Putting some context around the search and improving the search.
index=proxy_logs user=x #This searches the proxy_logs index for user X. You can change.
transaction user startswith="www.trackedurl.com" maxevents=100 # Join all of the results by the user starting with the www.trackedurl.com url then getting a maximum event number of 100. So from the start of the first www.trackedurl.com go to 100 later events. You can increase or lower this number.
Can we have some sample log entries? You probably need field extraction, if not already done, to capture pages and report from those fields.
Hi somesoni,
I have bluecoat logs, indexed in splunk. I need to extract information from url field. Condition I want is : if someone visited url: www.###.com then after that what are the next 5 url he visited.
Note here output i need is users who visited www.####.com and next 5 websited they visited.