Monitoring payment responses
You work for a retail bank. Processing payments is a core function that banks like yours provide to customers. You need to be able to identify the status and response time of each payment and determine whether service level agreements are being achieved.
Data required
Application data for payment processing
Procedure
- Splunk recommends that customers look into using data models, report acceleration, or summary indexing when searching across hundreds of GBs of events in a single search. The searches provided here are a good starting point, but depending on your data, search time range, and other factors, more can be done to ensure that they scale appropriately.
- Some commands, parameters, and field names in the searches below may need to be adjusted to match your environment. In addition, to optimize the searches shown below, you should specify an index and a time range when appropriate.
Payment responses
Payment requests that have no response indicate an error condition and, more importantly, cause customer dissatisfaction. You need a search to be able to quickly identify and report on this problem.
sourcetype=<payment processing data> |stats values(action) AS action values(customer) AS customer values(amount) AS amount count BY sessionID |where count=1 |eval amount=tostring(round(amount, 2),"commas")
Knowing which responses took the longest in terms of duration to process is important to meet SLAs. Payments that take too long to process may be subject to fines and cause customer dissatisfaction.
sourcetype=<payment processing data> |stats count values(customer) AS customer values(amount) AS amount values(_time) AS _time first(epoch) AS first last(epoch) AS last BY sessionID |where count>1 |eval duration=last-first |eventstats avg(duration) AS avgdur stdev(duration) AS stdev |where duration>(avgdur+(2*stdev)) |fields - first last count _time |sort - duration |table sessionID customer amount duration avgdur stdev |eval amount=tostring(round(amount, 2),"commas")
Counts of payment requests and responses over time show how your systems are performing. Tracking this statistic allows you to gather insights on treating your best customers to better service.
sourcetype=<payment processing data> |timechart count span=5m fixedrange=F
Payment SLAs
A key KPI in the financial industry is how many transactions met SLAs and did not meet SLAs for duration/response time. Payments that take too long to process may be subject to fines and cause customer dissatisfaction. Seeing the affected monetary values for such payments can help drive an organization to take action.
sourcetype=<payment processing data> |stats count first(amount) AS amount first(_time) AS first last(_time) AS last BY sessionID |where count>1 |eval duration=last-first |rangemap field=duration Met_SLA=1-1500 Near_SLA=1501-2200 Missed_SLA=2201-10000 default=Missed_SLA |chart sum(amount) AS TotalAmount BY range |eval TotalAmount=tostring(TotalAmount,"commas")
A key KPI in the financial industry is how many transactions met SLAs and did not meet SLAs for duration/response time. Payments that take too long to process may be subject to fines and cause customer dissatisfaction.
sourcetype=<payment processing data> |stats count first(_time) AS first last(_time) AS last BY sessionID |where count>1 |eval duration=last-first |rangemap field=duration Met_SLA=1-1500 Near_SLA=1501-2200 Missed_SLA=2201-10000 default=Missed_SLA |chart count BY range
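The logic of the searches above (requests with no response, responses slower than the average plus two standard deviations, and SLA buckets) modelled in Python so the expected results can be checked on known input. This is an added example, not part of the original page and not Splunk code; the event layout and all sample values are constructed assumptions, and duration is taken as the latest minus the earliest timestamp in a session.

```python
from collections import Counter, defaultdict
from statistics import mean, stdev  # sample standard deviation, matching SPL stdev()

# Constructed sample events (not real data): (sessionID, customer, amount, epoch).
# Two events per session are request and response; S8 has a request only.
EVENTS = [
    ("S1", "alice", 120.0, 1000), ("S1", "alice", 120.0, 1400),
    ("S2", "bob", 75.5, 2000), ("S2", "bob", 75.5, 2420),
    ("S3", "carol", 310.0, 3000), ("S3", "carol", 310.0, 3380),
    ("S4", "alice", 42.0, 4000), ("S4", "alice", 42.0, 4410),
    ("S5", "dave", 18.25, 5000), ("S5", "dave", 18.25, 5390),
    ("S6", "bob", 2500.0, 6000), ("S6", "bob", 2500.0, 7800),
    ("S7", "carol", 15000.0, 8000), ("S7", "carol", 15000.0, 17000),
    ("S8", "erin", 500.0, 20000),
]
SLA_RANGES = [("Met_SLA", 1, 1500), ("Near_SLA", 1501, 2200), ("Missed_SLA", 2201, 10000)]

def by_session(events):
    """stats ... BY sessionID: collect each session's events."""
    grouped = defaultdict(list)
    for sid, customer, amount, epoch in events:
        grouped[sid].append((epoch, customer, amount))
    return grouped

def unanswered(events):
    """where count=1: a request that never received a response."""
    return sorted(s for s, evs in by_session(events).items() if len(evs) == 1)

def durations(events):
    """where count>1 | eval duration=...: max-min, so event order does not matter."""
    return {s: max(e[0] for e in evs) - min(e[0] for e in evs)
            for s, evs in by_session(events).items() if len(evs) > 1}

def sla_range(duration):
    """rangemap: the range containing the value, otherwise default=Missed_SLA."""
    for name, low, high in SLA_RANGES:
        if low <= duration <= high:
            return name
    return "Missed_SLA"  # the default also catches 0 and values above 10000

def count_by_range(events):
    """chart count BY range over completed sessions."""
    return dict(Counter(sla_range(d) for d in durations(events).values()))

def slow_outliers(events):
    """where duration>(avgdur+(2*stdev)) over completed sessions."""
    d = durations(events)
    limit = mean(list(d.values())) + 2 * stdev(list(d.values()))
    return sorted(s for s, v in d.items() if v > limit)
```

With these ranges, a session whose request and response share a timestamp has a duration of 0 and lands in the default Missed_SLA bucket, so check the units and lower bound of the ranges against your own data.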
Customers with the most processed payments
This search shows customers who have the most payments cleared. By knowing which users receive the most responses, you can gather insights on treating your best customers to better service.
sourcetype=<payment processing data> |stats count values(_time) AS _time values(amount) AS amount BY customer |where count>2 AND (count%2==0) |eval CompletedPayments=count/2 |top CompletedPayments BY customer |sort -CompletedPayments |head 10 |fields - count, percent
Average completed payment duration over time
Average payment duration over time shows how your systems are performing. Tracking this statistic allows you to gather insights on treating your best customers to better service.
sourcetype=<payment processing data> |stats count values(_time) AS _time first(epoch) AS first last(epoch) AS last BY sessionID |where count>1 |eval duration=last-first |timechart avg(duration) span=5m fixedrange=F
Next steps
Add the results of these searches to dashboards so you can monitor activity. Investigate requests and response times that do not meet your SLAs. You can also use the results to report on key performance indicators, improve your payment response application, and make decisions on how to improve customer service.
- Fraud: Credit cards, ATM usage, wire transfers, banking transactions
- Monitoring: Credit cards, ATM usage, wire transfers, banking transactions
- Banking: Logins, account compliance
- Payments: Mobile payments
- Markets: Bitcoin, MFID, FIX orders, trades
- Credit limit increases
These additional Splunk resources might help you understand and implement this use case: