Hi everyone,
I'd like to see the flow from a given final URL, back to original URL the user typed.
In my Web Proxy Logs, I see the following : _time, src_ip, http_referrer, http_method, URL
For example : 003, 1.1.1.1, htp://www.bbb.com/ads.html, GET, htp://www.ccc.com/ccc.html 002, 1.1.1.1, htp://www.aaa.com/, GET, htp://www.bbb.com/ads.html 001, 1.1.1.1, -, GET, htp://www.aaa.com/
What I want to do is, given the final URL (ccc.com/ccc.html), be able to go back in time, through the pair (http_referrer, URL) and find all the URLs up to the original one (aaa.com) with http_referrer="-".
Sometimes this flow can be spread among 10 different requests mixed in the middle of other web traffic, so this is hard to find by hand.
Programmatically I would do this with one loop, but I cannot find any loops with Splunk.
Can you help me ? Thanks.
... View more