2015-06-12:00:08:54 100.220.144.1 GET /site/path1.aspx 200
2015-06-12:00:08:55 100.220.144.1 GET /site/path2.aspx 200
2015-06-12:00:08:56 100.220.144.1 GET /site/path3.aspx 200
2015-06-12:00:08:56 100.220.144.1 GET /site/path4.aspx 200
2015-06-12:00:08:57 100.220.144.1 GET /site/path1.aspx 200
2015-06-12:00:08:57 100.220.144.1 GET /site/path5.aspx 200
2015-06-12:00:08:58 100.220.144.1 GET /site/path1.aspx 200
2015-06-12:00:08:59 100.220.144.1 GET /site/path2.aspx 200
2015-06-12:00:08:59 100.220.144.1 GET /site/path3.aspx 200
2015-06-12:00:08:59 100.220.144.1 GET /site/path5.aspx 200
2015-06-12:00:08:59 100.220.144.1 GET /site/path4.aspx 200
Now, in the log, the most frequently accessed transaction or URL-path is:
(/site/path1.aspx -->/site/path2.aspx --> /site/path3.aspx)
Is there any way to detect this using Logstash? Please suggest.
This is what you'd normally use Elasticsearch for. What's the point of making Logstash perform this ranking? Given the example input above, what event(s) would you expect Logstash to produce?
I am expecting a new column to be created named "userpath" which will have all the userpaths(collection of URIs in sequence between a entry URI(say, Login.jsp) and exit URI(say, LogOut.jsp)).
But, want to consider few more scenarios to get a more accurate result,like:
1 . If the user logs-In, but then doesn't click on LogOut, and again comes to Login Page. So, (Login.jsp --- /somePage1.jsp --- /somePage2.jsp --- Login.jsp ) should be the path.
2 . If the user logs in and timeout occurs(say, timeout = 15 mins). So in this case, from (Login.jsp --- whatever he has clicked till timeout) should be the userpath.
etc..
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.