Slice logs based on start and end of an user session

satheeshravir · November 12, 2016, 12:27am

Hi,
I have multiple sets of user session start and end events. I would like to slice the logs within session start and end time frame. Then group them as events occurred within user session. I don't have any ID to uniquely identify a session. All I have is just logs for session start and end. Is there a way to accomplish this in elastic search?

Sample Logs:
date: 2016-10-25T02:12:22.234Z, message: "Session Started", UserID: 42342342
date: 2016-10-25T02:12:24.234Z, message: "User clicked the page My Account", UserID: 42342342
date: 2016-10-25T02:12:27.234Z, message: "User added item", UserID: 42342342
date: 2016-10-25T02:12:30.234Z message: Session ended "My Account", UserID: 42342342

In the above sample, I would like to slice and bucket the middle two logs for different sessions.

Thank you,
Satheesh

danielmitterdorfer · November 14, 2016, 9:46am

Hi @satheeshravir,

you want to look for "entity centric indexing". This talk from Mark should get you started: https://www.elastic.co/videos/entity-centric-indexing-mark-harwood

Daniel

satheeshravir · November 21, 2016, 10:34pm

Thank you. I have checked that before. I wanted to see whether there is any other way of solving the problem.

system · December 19, 2016, 10:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grouping logs into sessions Elasticsearch painless	8	546	December 22, 2023
Elastic event flow Elasticsearch	2	524	December 12, 2016
Divide users by the number of weekly sessions using aggregates from events_index Elasticsearch	1	399	June 10, 2020
Splitting Records With Start and End Times Into Separate Documents With A Timestamp Every X Minutes Logstash	6	115	July 18, 2024
Entity-centric indexing with Transforms Elasticsearch transforms	5	1356	August 4, 2021

Slice logs based on start and end of an user session

Related topics