Important concepts in Splunk Business Flow
This topic introduces important concepts in Splunk Business Flow (SBF) so that you can learn how to glean meaningful insights about your data.
Flow Models and Flows in SBF
In SBF, you need to first create a Flow Model. "Flow Model" refers to a grouping of discrete information which represents a transaction, session, or other business process that is configured within Splunk Business Flow. When you create a Flow Model you validate that the Flow Model contains the repository of events that you want to analyze.
Create a Flow from a Flow Model to begin your analysis and gain access to Filter Sets and Notifications. You can create multiple Flows from the same Flow Model. Creating a Flow enables users who do not have knowledge of SPL to interact with and explore the data.
Create a Flow Model
When you create a Flow Model, you need to define, validate, and configure the Flow Model. The Flow Model serves as the base for your Flow. The following components make up a Flow Model definition: a search and the fields that represent one or more Correlation IDs, Steps, and Attributes. The search scans the event logs, transforms or extracts events based on the specifications of the search, and then returns the results.
Define the Flow Model
In the Flow Model, you define what field names you want to track, and how you want to correlate events. The Flow Model definition determines how SBF identifies and groups related events into ordered sequences called Journeys.
What are Journeys in SBF?
A Journey contains all the steps a user or object executes during a process. In this tutorial, you created the Game_store weblogs Flow Model. Then, in the Explorer, Splunk Business Flow stitches together events into individual Journeys based on the Flow Model components. Use the List view to sort Journeys by duration, step count, or sequence, or drill down into the details.
Example
The following flowchart shows one customer's Journey from the Game_store weblogs Flow Model. The Journey Details table lists all of the characteristics of the Journey, such as number of steps, attributes like location, and the duration of the Journey.
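The following Python sketch illustrates the grouping concept described above: events that share a Correlation ID are ordered by time into a Journey, and step count, duration, and Attributes are derived from the group. It is an added example, not Splunk code and not a description of how SBF is implemented. The events are constructed, and the field names `session_id`, `action`, and `location` are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not from the tutorial data set). Field roles are
# assumptions: session_id = Correlation ID, action = Step, location = Attribute.
EVENTS = [
    {"time": "2019-05-01T10:00:05", "session_id": "S1", "action": "view_product", "location": "Austin"},
    {"time": "2019-05-01T10:00:00", "session_id": "S1", "action": "login", "location": "Austin"},
    {"time": "2019-05-01T10:01:00", "session_id": "S2", "action": "login", "location": "Denver"},
    {"time": "2019-05-01T10:02:30", "session_id": "S1", "action": "purchase", "location": "Austin"},
    {"time": "2019-05-01T10:01:45", "session_id": "S2", "action": "view_product", "location": "Denver"},
    {"time": "2019-05-01T10:03:00", "action": "healthcheck"},  # no Correlation ID
]

def build_journeys(events, correlation_id, step, attributes=()):
    """Group events by Correlation ID and order each group by time."""
    grouped = defaultdict(list)
    for ev in events:
        # Events missing the Correlation ID or Step field cannot be placed in a Journey.
        if ev.get(correlation_id) is None or ev.get(step) is None:
            continue
        grouped[ev[correlation_id]].append(ev)

    journeys = {}
    for cid, evs in grouped.items():
        # Events can arrive out of order, so sort by timestamp before reading steps.
        evs.sort(key=lambda e: datetime.fromisoformat(e["time"]))
        start = datetime.fromisoformat(evs[0]["time"])
        end = datetime.fromisoformat(evs[-1]["time"])
        journeys[cid] = {
            "steps": [e[step] for e in evs],
            "step_count": len(evs),
            "duration_seconds": (end - start).total_seconds(),
            # Distinct values of each Attribute seen anywhere in the Journey.
            "attributes": {a: sorted({e[a] for e in evs if a in e}) for a in attributes},
        }
    return journeys

def sort_journeys(journeys, key):
    """Return Correlation IDs sorted by a Journey metric, largest first."""
    return sorted(journeys, key=lambda cid: journeys[cid][key], reverse=True)

if __name__ == "__main__":
    js = build_journeys(EVENTS, "session_id", "action", attributes=("location",))
    for cid in sort_journeys(js, "duration_seconds"):
        print(cid, js[cid])
```

The event without a `session_id` is dropped, which mirrors why a missing or wrong Correlation ID selection leads to steps you expected not appearing in any Journey.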
Validate the Flow Model
Next, validate that your Flow Model definition contains all the steps you are interested in tracking. If you do not see certain steps that you expected to find in your process, try changing the time range to increase the number of events in your Flow Model. Use the Validate Flow Model page to check if your Correlation ID, Step, and Attribute selections produce the results you want.
Configure the Flow Model
After you define and validate your Flow Model, configure your Flow Model settings.
Flow Model visibility can be either Private or Shared. Set a Flow Model to Shared to create Flows and share them with users in your organization. Shared Flow Models count toward the Flow Model limit listed in your Splunk Business Flow license.
Set a Flow Model to Private for testing and development. Private Flow Models do not count toward the Flow Model limit. You can preview Private Flow Models, but you cannot create Flows from them or share them with other users. If you set a Flow Model to Private after you create Flows, you cannot access the saved Flows.
Create and Explore your Flow
The Flow is your workspace in SBF to create visualizations, perform analysis, and view metrics. When you save a Flow you gain access to Filter Sets and Notifications.
This documentation applies to the following versions of Splunk® Business Flow (Legacy): -Latest-