Skip to main content


Splunk Lantern

Payment response missing

You might need to find all payment requests that have no responses when doing the following:


In order to execute this procedure in your environment, the following data, services, or apps are required:


Payments requests that have no response indicate an error condition and, more important, cause customer dissatisfaction. You need a search to be able to quickly identify and report on this problem. 

To optimize the search shown below, you should specify a time range.  You may also need to adjust fields to match what is available in your data source. 

  1. Run the following search:
    |sourcetype=<payment processing data>
    |sort - _time
    |stats values(action) AS action values(customer) AS customer values(amount) AS amount  count BY sessionID
    |where count=1
    |eval amount=tostring(round(amount, 2),"commas")

Search explanation

The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.

Splunk Search Explanation
|sourcetype=<payment processing data> Search only your payment processing data.
|sort - _time Sort the results from oldest to newest.
|stats values(action) AS action values(customer) AS customer values(amount) AS amount  count BY sessionID Display the actions, customers, and amounts in payment transactions and group the payments by their unique identifier.
|where count=1 Filter results to those where the count equals 1.
|eval amount=tostring(round(amount, 2),"commas") Convert the amount to a string rounded to two values, using a comma when needed. 


When you find payment requests that don't have responses, investigate. A missing response is an error condition and will influence your service level agreements.