Hi,
I followed instructions here:
https://answers.splunk.com/answers/132016/process-flow-tracing-point-to-point-latency-calculation-visualisation-swim-lanes-is-it-possible.html
to analyse users stuck on steps of my business process.
My current search is:
host="sp.dentfix.ro" | stats values(event) as step values(eval(strftime(_time, "%Y-%d-%m %H:%M"))) as times by id | mvcombine step | stats count by step
I have a number of issues here:
1. the values(event) is listing values in alphabetical order, but I would like to see values in event time order (that is first event of every type).
2. Even more important, I have some events sp_alias where users get identified. The event contains fields id (as the new id) and oldId as former id of the user. How can I consolidate all oldId s with new id s and group by real users?
↧