Transaction Analytics
Download as PPTX, PDF0 likes998 views
The document discusses transaction mining and its applications in analyzing sequences of logs for insights into user behavior in payment processing and e-commerce. It introduces a transaction operator capable of performing both unordered and ordered analyses of transactions, highlighting the importance of mapping states and transaction IDs. Visualization tools like the Sankey diagram are also featured to illustrate the flow and transitions between different user states during transactions.
![Transaction Operator - Mapping States (examples)
| transaction on sessionid
with "Starting session *" as init,
with "Initiating countdown *" as countdown_start,
with "Countdown reached *" as countdown_done,
with "Launch *” as launch
_sourceCategory=ecom "/login" OR "/checkout”
| parse regex "(?<ip>d{1,3}.d{1,3}.d{1,3}.d{1,3})"
| parse regex "GET (?<url>[^" ]+)"
| where url matches "/login" or url matches "/checkout*"
| parse regex field=url "^(?:/checkout)?/(?<step>[A-Za-z0-9_]+)"
| transaction on ip
with states login, cart, checkout, shipping_method, billing, review, progress, confirmation in step
6](https://image.slidesharecdn.com/transactionanalyticssumologic-141025164323-conversion-gate01/85/Transaction-Analytics-6-320.jpg)
Transaction Analytics
- 1. Transaction Mining for Deeper Machine Data Intelligence Ariel Smoliar
- 2. Analyzing Related Sequences of Logs - Use Cases Phone registrations failures over specific period Tracking transactions in payment processing platform Tracking a renewal or new signup transaction E-commerce: typical user session, anomalous checkout transactions, catching drop off in checkout Tracking users on-boarding process Attribution modeling - Determining the origin of a user action How Sumo Logic handles a search query and on-boarding of new users 2
- 3. Transaction (operator) Capability The new capability provides tools to analyze related sequences of logs Two main modes of operation: unordered and ordered transaction analysis Several result type view: – Unordered analysis by transaction, states (and filtering) – Ordered analysis by flow (and drill-down from the graph) 3
- 4. Transaction Operator - Required Components The operator requires the following components: – Transaction IDs (Session ID, IP, user name, email, etc.) to group related messages together – States mapping from the logs 4
- 5. Transaction Operator - Transaction IDs (examples) transaction on ip transaction on userid, usersessionid transaction on sessionid transaction on location, part 5
- 6. Transaction Operator - Mapping States (examples) | transaction on sessionid with "Starting session *" as init, with "Initiating countdown *" as countdown_start, with "Countdown reached *" as countdown_done, with "Launch *” as launch _sourceCategory=ecom "/login" OR "/checkout” | parse regex "(?<ip>d{1,3}.d{1,3}.d{1,3}.d{1,3})" | parse regex "GET (?<url>[^" ]+)" | where url matches "/login" or url matches "/checkout*" | parse regex field=url "^(?:/checkout)?/(?<step>[A-Za-z0-9_]+)" | transaction on ip with states login, cart, checkout, shipping_method, billing, review, progress, confirmation in step 6
- 7. Transaction Operator - fringe cut-off Queries are constrained by a time window Some transactions may be cut off if they occur near the edges of the window Filter the transactions by using the fringe argument 7
- 8. Unordered Analysis Not taking into account the ordering of the messages within a transaction Covering many of the use cases 8
- 9. Results for Unordered Analysis (1/3) 9 by transactions - counts the number of times a transaction hits a state Transactions can be filtered by using where states="___110” Threshold (on count) for a state can be added, with the thresh argument with "…" thresh=2 as Aggregates other than count can be specified using the showing clause, the first aggregate definition applies globally, additional aggregates may relate to a specific state. To count, use the function sum(“1”)
- 10. Results for Unordered Analysis (2/3) 10 by states - number transactions with specific states combination
- 11. Results for Unordered Analysis (3/3) 11 by logs - shows the actual logs for the transactions that satisfy the filter, where statues=“101_1110”
- 12. Ordered Analysis Monitoring transition between (two distinct) states Which transitions does a transaction go through Number of transactions between transitions Latency between transitions Supports the Sankey diagram (new chart type) 12
- 13. Results for Ordered Analysis 13 by flow - The default aggregate between states is count, but users can add other aggregates (max(latency) or avg(latency))
- 14. Sankey Diagram - A New Chart Type Sankey diagram is used to visualize the magnitude of flow between states in ordered analysis New chart icon in the Search page, enabled only for the relevant syntax (otherwise grayed out) 14
- 15. Sankey Diagram - Sumo’s Site 15
- 16. Sankey Diagram - UI Features (1/3) Hovering over the state box exposes inbound and outbound flow 16
- 17. Sankey Diagram - UI Features (2/3) 17 Hovering over the link exposes the count and flow direction
- 18. Sankey Diagram - UI Features (3/3) Try to drag the state boxes vertically 18
- 19. Sankey Diagram - Drilldown from the graph! Clicking on a link/edge between two states will launch a new search showing only the relevant result for the transition 19
- 20. Sankey Diagram - Specified Topology 20 E-commerce website