Re: What is the best way to track URLs visited for...

ivar9692 · ‎09-27-2016

Hi, I want to know what url user visited after going to a particular url.

Suppose this is the url user visited (www.**cccc**.com), I want to know what pages he visited after that url.

[Please suggest a query for this, I have proxy logs in splunk]

aaraneta_splunk · ‎10-23-2016

Hi @ivar9692 - Did dperre's answer help solve your question at all? If yes, please don't forget to click "Accept" below the answer to resolve this post. Thanks!

dperre_splunk · ‎10-04-2016

Try this search. I don't know what your field names are but you could try this.

index=proxy_logs | transaction user startswith="www.trackedurl.com" maxevents=100

Edit:
Putting some context around the search and improving the search.
index=proxy_logs user=x #This searches the proxy_logs index for user X. You can change.
transaction user startswith="www.trackedurl.com" maxevents=100 # Join all of the results by the user starting with the www.trackedurl.com url then getting a maximum event number of 100. So from the start of the first www.trackedurl.com go to 100 later events. You can increase or lower this number.

somesoni2 · ‎09-28-2016

Can we have some sample log entries? You probably need field extraction, if not already done, to capture pages and report from those fields.

ivar9692 · ‎10-03-2016

Hi somesoni,

I have bluecoat logs, indexed in splunk. I need to extract information from url field. Condition I want is : if someone visited url: www.###.com then after that what are the next 5 url he visited.
Note here output i need is users who visited www.####.com and next 5 websited they visited.

What is the best way to track URLs visited for a user?

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk