Splunk® Business Flow (Legacy)

Get Started with Splunk Business Flow Tutorial

Acrobat logo Download manual as PDF


Splunk Business Flow is no longer available for purchase as of June 20, 2020. Customers who have already purchased Business Flow will continue to have support and maintenance per standard support terms for the remainder of contractual commitments.
Acrobat logo Download topic as PDF

Create a Flow Model

The marketing team at Buttercup Games implemented a new advertising campaign. As a business analyst at Game Store, use Splunk Business Flow to assess the success of the campaign. Learn how to create a Flow Model to track the customer workflow in the online store.

The Flow Model serves as the base for your Flow. Your Flow is where you begin your analysis and gain access to Filter Sets and Notifications. You can create multiple Flows from the same Flow Model. Creating a Flow enables users who do not have knowledge of SPL to interact with and explore the data.

Consider the visibility of your Flow Model

Setting a Flow Model visibility to Shared enables the ability to save and share Flows with users in your organization. Shared Flow Models count toward the Flow Model limit listed in your Splunk Business Flow license. Set Flow Models to Private for testing and development. Private Flow Models do not count toward the Flow Model usage. You can't create Flows from a Private Flow Model. If you set a Flow Model to Private after you create Flows, you cannot access the dependent Flows. The sbf_set_visibility_flow_model capability allows users to set the visibility of a Flow Model from Shared to Private and the reverse.

In this tutorial you set the Flow Model to Shared so that you can create a Flow.

Define the Flow Model

In the Flow Model, you define what field names you want to track, and how you want to correlate events. The Flow Model definition determines how SBF identifies and groups related events into ordered sequences called Journeys. The following components make up a Flow Model definition: a search and the fields that represent one or more Correlation IDs, Steps, and Attributes. The Search scans the event logs, transforms or extracts events based on the specifications of the search, and then returns the results.

Write a search

Follow these steps to write a search that captures the weblog and call center data you want to analyze.

Prerequisites
To complete this task you need the follow capabilities:

  • sbf_set_visibility_flow_model
  • sbf_edit_flow_modell

Steps

  1. In SBF, click the gear icon.
  2. Click New Flow Model
  3. Type Tutorial in the Name box.
  4. (Optional) Type a description.
  5. Set the visibility to Shared.
  6. Type the following in the Search box.

    | multisearch [search index = tutorial sourcetype = web-6] [search index = tutorial sourcetype = call_center | eval action = queue]

Select the Correlation IDs, Step, and Attribute

The correlation IDs for this product are customer_id and order_id because you are interested in events with both the customer and the product. The Max Duration determines how events are grouped into Journeys.

  1. Under Correlation ID, check customer_id and order_id.
  2. Under Step, check action.
  3. Under Attributes, check country.
  4. Select one hour as Max Duration.
    You know that the maximum length of a session on the website is one hour, so the max duration of a given Journey can't exceed an hour.

Validate

Next, validate that your Flow Model definition contains all the steps you are interested in tracking. The Validate tab is a space for you to verify that your Flow Model search returns the results you want to analyze. In the Validate tab, your filters and analyses do not persist past your session unless you save your work as a Flow. Consider increasing the time range or changing the view from Quick Mode to Standard Mode, or Complete Mode to view more Journeys and Steps in your Flow Model.

  1. Click the Validate tab.
  2. Select All Time in the time range picker.
  3. Click Save.

Check that the steps you want to track appear in the Flowchart

As a business analyst at Buttercup Games you are familiar with the weblogs traffic and typical Journey a user completes on the website. You consult a team member from the support center and confirm that the typical steps contained in a support call appear in the Flowchart. The steps shown in the Flowchart reflect the steps you want to track:

  • new account created
  • add-to-cart
  • apply coupon
  • purchase game
  • inbound call
  • call handled
  • call dropped
  • call queued
  • call disconnected

Configure Settings

In the Configure Settings tab you can view the dependent Flows and change the visibility of your Flow Model.

Create a Flow

Save a Flow so that you can begin your analysis and gain access to Filter Sets and Notifications.

  1. Click the house icon.
  2. Click New Flow.
  3. Select Tutorial from the Flow Model list.
  4. Type Tutorial Flow in the Name box.
  5. (Optional) Add a description.
  6. Click Create Flow.
Last modified on 22 April, 2020
PREVIOUS
What is a Flow Model? 		  NEXT
Get to know the Flow Explore features

This documentation applies to the following versions of Splunk® Business Flow (Legacy): -Latest-

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters