How SBF groups events
Splunk Business Flow identifies related events and groups them into ordered sequences called Journeys. The following example walks through how Splunk Business Flow groups events into Journeys, Journeys into the Flowchart, and introduces the idea of the Flow.
Events are grouped by Correlation ID
In this example, you are interested in tracking how customers make purchases on the Buttercup Game Store website. Consider the event log to be a timeline of events generated from a process or system. Each event contains a timestamp, a step, and a Correlation ID.
Steps
A step is the status of an action or process you want to track. The customer steps for an online purchase process could be: sign in, add to cart, purchase game.
Correlation IDs
Correlation ID(s) are unique descriptors of events such as user ID, customer ID, phone number, or caller ID. Splunk Business Flow uses Correlation IDs to identify related events in the event log and group them into Journeys. The Correlation ID in this diagram is user ID and it corresponds to three distinct identities: user123
, user456,
and user789
. Because there are three distinct identities, there are three Journeys. Each Journey contains the respective steps the user took during a period of time.
The following diagram shows a high-level overview of how Splunk Business Flow groups related events.
How SBF groups Journeys in the Flowchart
The Flowchart feature groups a collection of Journeys into a single, ordered sequence of steps. The following diagram represents the Flowchart for the Buttercup Game Store example. This Flowchart contains three Journeys and all of the steps included in those Journeys. The number next to each step reflects the number of Journeys this step appeared in.
Important concepts in Splunk Business Flow | Upload the tutorial data |
This documentation applies to the following versions of Splunk® Business Flow (Legacy): -Latest-
Feedback submitted, thanks!