So I have a bespoke Java app running in tomcat logging out different events which correlate to different sections on the app. Each different page is logged into a different log file so I have multiple sources all under one sourcetype.
There is a key value pair field called 'user' on every line which represents the logged in users email address.
I'm able to isolate an event in each source which shows the user has visited that page in the app.
I want to be able to create a report and/or visualisation that can show the order in which the users moved around the app at a high level as a Proof of Concept. I need to be able to visualize multiple users and variations in the journey as its non-linear.
This is a rough version of my query atm.
index=prod firstname.lastname@example.org NOT message="cache"
| dedup _raw,host,_time
| transaction source maxspan=1m
| rex field=source "/var/log/tomcat/(? .*).txt"
| table _time,user,page
| chart count(user) over _time by page
| chart count(userjounrney) over _time by page
Any ideas on how we could visualize this in a way it shows the progression of the pages that a specific user hit at what time?
I've tried adding this to the end of the search and it visualizes the pages BUT not showing the order or time at which users visited them
| eval Page = if(page="acs","ACS",if(page="home","Home",if(page="my-bills","My-Bills",if(page="ebill","eBill",if(page="direct-debit","Direct-Debit",if(page="my-apps","My-Apps",if(page="my-profile","My-Profile",if(page="createprofile","Create-Profile",if(page="my-offers","My-Offers",if(page="faults","Service-Status",if(page="trackorder","Track Order",0))))))))))) | chart count over Page by user usenull=f useother=f
... View more