Splunk® Business Flow (Legacy)

Get Started with Splunk Business Flow Tutorial

Splunk Business Flow is no longer available for purchase as of June 20, 2020. Customers who have already purchased Business Flow will continue to have support and maintenance per standard support terms for the remainder of contractual commitments.

How SBF groups events

Splunk Business Flow identifies related events and groups them into ordered sequences called Journeys. The following example walks through how Splunk Business Flow groups events into Journeys, Journeys into the Flowchart, and introduces the idea of the Flow.

Events are grouped by Correlation ID

In this example, you are interested in tracking how customers make purchases on the Buttercup Game Store website. Consider the event log to be a timeline of events generated from a process or system. Each event contains a timestamp, a step, and a Correlation ID.

Steps

A step is the status of an action or process you want to track. The customer steps for an online purchase process could be: sign in, add to cart, purchase game.

Correlation IDs

Correlation ID(s) are unique descriptors of events such as user ID, customer ID, phone number, or caller ID. Splunk Business Flow uses Correlation IDs to identify related events in the event log and group them into Journeys. The Correlation ID in this diagram is user ID and it corresponds to three distinct identities: user123, user456, and user789. Because there are three distinct identities, there are three Journeys. Each Journey contains the respective steps the user took during a period of time.

The following diagram shows a high-level overview of how Splunk Business Flow groups related events. This diagram shows how Splunk Business Flow groups related events into Journeys. The event log lists a series of events from the Buttercup Games Game Store. Each event has a timestamp from when the event occurred, a Correlation ID, and a step. The Correlation ID is the user ID of the customer. In this case, there are three unique user IDs. The step is the action the customer took, such as add to cart, apply coupon, and submit. Splunk Business Flow groups the events by Correlation ID, in this case, the unique user IDs. There are three Journeys, which correspond to the three User IDs. The Journeys list the corresponding steps in chronological order.

How SBF groups Journeys in the Flowchart

The Flowchart feature groups a collection of Journeys into a single, ordered sequence of steps. The following diagram represents the Flowchart for the Buttercup Game Store example. This Flowchart contains three Journeys and all of the steps included in those Journeys. The number next to each step reflects the number of Journeys this step appeared in.

This diagram shows how Splunk Business Flow groups Journeys into the Flowchart feature. The Flowchart contains three Journeys and all of the steps included in those Journeys. The flowchart lists all steps from the three Journeys and the frequency of each step.

Last modified on 01 April, 2020
Important concepts in Splunk Business Flow   Upload the tutorial data

This documentation applies to the following versions of Splunk® Business Flow (Legacy): -Latest-


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters