August 15, 2011
.conf 2011 Keynote Outline
Web Analytics Throwdown with NPR and Intuit
Sondra Russell and Tim Suh
© Copyright Splunk 2011, Splunk Worldwide Users’ Conference
24/7
Why Splunk?
I started using Splunk because I could…
I fell in love because I could…
• Crunch raw logs
• Make pretty reports
• Still go back into the raw data
• Easily group scattered log lines into single transactions
• Slice and dice in new ways
• Actually use data to inform decisions
Audio and Video Tracking: The Basic Setup
1. Ingest Raw Data
• MP3 Downloads
• On Demand Flash
• Live Streams
2. Extract Fields
• ProgramID: (?P<ProgramID>[^\/]*)(?=\/)
• UserAgent: (?P<UserAgent>[^\"]*)(?=\")
• AppVersion: “*(? =\/)”
3. Define Transactions
> sourcetype = download AND status < 300 AND Method=Get | transaction IPAddress UserAgent maxspan=120…
4. Create Summary Indexes
08/08/2011 => 31800
08/09/2011 => 29655
08/10/2011 => 29903
08/11/2011 => 53443
08/12/2011 => 32593
08/13/2011 => 88654
08/14/2011 => 11231
> index="summary" search_name="si_download_programID" ProgramName="All Songs Considered"
“How has my podcast been doing?”
pulls from the summary index
maps ProgramID to lookup table
> * | eval Platform = mvfilter(match(eventtype,"plat*")) | timechart span=1w count by Platform
“What platforms are people using to access our show?”
Filters for eventtypes that include “plat”
plat_iphone_browser: UserAgent="*iPhone*" AND UserAgent!="*NPRRadio*" AND UserAgent!="*iPod*" AND sc!=18
> * | rex field=_raw "Darwin\/(?<Version>[0-9\.]*)\"" | top Version
“What percentage of our users have upgraded?”
Uses regex to extract element from raw log
"NPRMusic/2.7 CFNetwork/459 Darwin/10.0.0d3"
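Added example (not part of the original slides): the rex extraction and "top Version" count reproduced in Python over constructed log lines, showing that a pattern anchored on the closing quote silently skips a suffixed version such as the "10.0.0d3" sample above. TOKEN_RE, the helper names and every log line except the slide's User-Agent string are assumptions made for illustration.

```python
import re
from collections import Counter

# Pattern from the slide, rewritten with Python's (?P<name>...) group syntax.
SLIDE_RE = re.compile(r'Darwin/(?P<Version>[0-9.]*)"')
# Assumed variant (not from the slides): capture the whole token up to the
# closing quote or whitespace, so suffixed builds such as "10.0.0d3" are kept.
TOKEN_RE = re.compile(r'Darwin/(?P<Version>[^"\s]+)')

# Constructed access-log lines; only the User-Agent string on the first line
# comes from the slide.
SAMPLE_LOG = '''\
198.51.100.7 "GET /podcast/a.mp3" 200 "NPRMusic/2.7 CFNetwork/459 Darwin/10.0.0d3"
198.51.100.8 "GET /podcast/a.mp3" 200 "NPRMusic/2.7 CFNetwork/485.13.9 Darwin/11.0.0"
198.51.100.9 "GET /podcast/b.mp3" 200 "NPRMusic/2.7 CFNetwork/485.13.9 Darwin/11.0.0"
203.0.113.4 "GET /podcast/b.mp3" 200 "NPRMusic/2.6 CFNetwork/485.12.7 Darwin/10.4.0"
203.0.113.5 "GET /podcast/c.mp3" 200 "Mozilla/5.0 (Windows NT 6.1)"
'''

def top_versions(log_text, pattern):
    """Rough equivalent of `rex ... | top Version`: (value, count, percent)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = pattern.search(line)
        if m and m.group("Version"):
            counts[m.group("Version")] += 1
    total = sum(counts.values())
    return [(v, n, round(100.0 * n / total, 1)) for v, n in counts.most_common()]

def unmatched(log_text, pattern):
    """Lines that mention Darwin but yield no Version: silent extraction gaps."""
    return [line for line in log_text.splitlines()
            if "Darwin/" in line and not pattern.search(line)]

if __name__ == "__main__":
    print("slide pattern:", top_versions(SAMPLE_LOG, SLIDE_RE))
    print("token pattern:", top_versions(SAMPLE_LOG, TOKEN_RE))
    for line in unmatched(SAMPLE_LOG, SLIDE_RE):
        print("no Version extracted:", line)
```

Counting the lines that mention Darwin but produce no field is a cheap check that an extraction is not quietly dropping events from a report.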
> index="twitter" | stats count by story_url
“Which stories are getting Tweeted the most?”
timestamp="2011-07-18T15:40:34Z", author="drpdtapp (Dr. P. D Tapp)", tweet="Tinnitus: Why Won't My Ears Stop Ringing?", story_url="http://www.npr.org/2011/07/18/138163304/tinnitus-why-wont-my-ears-stop-ringing?sc=tw",
Creates reports from a custom log
August 15, 2011
.conf 2011 Keynote Outline
Questions?
Sondra Russell and Tim Suh