Databases Reference
In-Depth Information
Combining
transaction
with
stats
or
timechart
, we can generate statistics about
the transactions themselves:
sourcetype="impl_splunk_web" user=mary
| transaction maxpause=5m user
| stats avg(duration) avg(eventcount)
This would give us a table, as shown in the following screenshot:
Calculating the aggregate of transaction
statistics
Using the values added by
transaction
, we can somewhat naively answer the
questions of how long the users spend on a site and how many pages they view
per session.
Let's create sessions based on the
uid
field for all events. Using
stats
, we will then
calculate the average
duration
value, the average
eventcount
value, and while
we're at it, we will determine the distinct number of users and session IDs.
sourcetype="impl_splunk_web"
| transaction maxpause=5m uid
| stats avg(duration) avg(eventcount) dc(user) dc(uid)
This will give us a table as shown in the following screenshot:
Transactions have an average length of 892 seconds, and 227 events.
For large amounts of web traffic, you will want to calculate transactions
over small slices of time into a summary index. We will cover summary
indexes in
Chapter 9
,
Using Summary Indexes
.
Search WWH ::
Custom Search