Splunk Lantern

Payment response missing

The table below explains in detail the steps of a Splunk Enterprise or Splunk Cloud Platform search that finds all payment requests that have no responses. For more information, review the use case on monitoring payment responses.

Some commands, parameters, and field names in the searches below may need to be adjusted to match your environment.  In addition, to optimize the searches shown below, you should specify an index and a time range when appropriate.

Splunk recommends that customers look into using data models, report acceleration, or summary indexing when searching across hundreds of GBs of events in a single search. The searches provided here are a good starting point, but depending on your data, search time range, and other factors, more can be done to ensure that they scale appropriately.  

| Splunk Search | Explanation |
| --- | --- |
| `sourcetype=<payment processing data>` | Search only your payment processing data. |
| `\| sort - _time` | Sort the results from oldest to newest. |
| `\| stats values(action) AS action values(customer) AS customer values(amount) AS amount count BY sessionID` | Display the actions, customers, and amounts in payment transactions and group the payments by their unique identifier. |
| `\| where count=1` | Filter results to those where the count equals 1. |
| `\| eval amount=tostring(round(amount, 2),"commas")` | Convert the amount to a string rounded to two decimal places, using a comma when needed. |
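The steps in the table, assembled into one search and run against five constructed events so the result can be checked without real data. This is an added example, not part of the original page: the `makeresults`/`streamstats` preamble, the `sample-…` session IDs, the customer names, the amounts, and the `request`/`response` action values are all assumptions standing in for your payment processing data.

```spl
| makeresults count=5
| streamstats count AS n
| eval _time=now() - (6 - n) * 30
| eval sessionID=case(n<=2, "sample-1001", n<=4, "sample-1002", true(), "sample-1003")
| eval action=if(n % 2 == 1, "request", "response")
| eval customer=case(n<=2, "sample_customer_a", n<=4, "sample_customer_b", true(), "sample_customer_c")
| eval amount=case(n<=2, 19.999, n<=4, 250, true(), 1250.75)
| fields - n
| sort - _time
| stats values(action) AS action values(customer) AS customer values(amount) AS amount count BY sessionID
| where count=1
| eval amount=tostring(round(amount, 2),"commas")
```

Only `sample-1003`, the one session with a request and no matching response, passes `where count=1`. Because `count=1` matches any session with a single event, check the `action` column in the output to confirm that the lone event is a request and not an orphaned response.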