Splunk Transaction | Splunk Documentation

Splunk Transaction: The transaction command finds transactions based on events that meet various constraints. Transactions are made up of the raw text (the _raw field) of each member, the time and date fields of the earliest member, and the union of all other fields of each member.

Additionally, the transaction command adds two fields to the raw events: duration and eventcount. The values in the duration field show the difference between the timestamps of the first and last events in the transaction. The values in the eventcount field show the number of events in the transaction.

Search options

Transactions returned at search time include the raw text of each event, the shared event types, and the field values. Transactions also contain additional data that is stored in the fields duration and transactiontype.

duration is the duration of the transaction (the difference between the timestamps of the first and last events of the transaction).
transactiontype is the name of the transaction (as defined in transactiontypes.conf by the transaction's stanza name).

You can add transaction to any search. For best search performance, craft your search and then pipe it to the transaction command. For more information, see the topic on the transaction command in the Search Reference Manual.

How to Use Transaction

The transaction command is much easier to use than it may seem. To use it in a Splunk search, just follow this format:

| transaction

That is all that is required to use the command. However, to get the most accurate results, it is best to add a few more arguments to the line:

| transaction <field> maxevents=<number> startswith="<value>" endswith="<value>"
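
To show what that line produces, here is an added example (not from the original page and not Splunk's implementation): a simplified Python model of the grouping, run over constructed session events. Its assumptions are that the grouping field is called session, that startswith and endswith match as substrings, that a group reaching maxevents is emitted as-is, and that groups still open at the end of the input are dropped.

```python
from datetime import datetime

# Constructed sample events (not real logs): (timestamp, session, raw text).
EVENTS = [
    ("2024-01-01 10:00:00", "s1", "action=login user=alice"),
    ("2024-01-01 10:00:05", "s2", "action=login user=bob"),
    ("2024-01-01 10:00:20", "s1", "action=view page=/admin"),
    ("2024-01-01 10:01:30", "s1", "action=logout user=alice"),
    ("2024-01-01 10:02:00", "s2", "action=view page=/a"),
    ("2024-01-01 10:02:10", "s2", "action=view page=/b"),
    ("2024-01-01 10:02:40", "s2", "action=view page=/c"),
    ("2024-01-01 10:03:00", "s3", "action=view page=/x"),
]

def summarise(key, group):
    """Build one transaction: joined raw text plus duration and eventcount."""
    first, last = group[0][0], group[-1][0]
    return {
        "session": key,
        "_raw": "\n".join(raw for _, raw in group),
        "duration": (last - first).total_seconds(),
        "eventcount": len(group),
    }

def transaction(events, maxevents, startswith, endswith):
    """Model of: | transaction session maxevents=N startswith="..." endswith="..." """
    open_groups, closed = {}, []
    for ts, key, raw in sorted(events):  # oldest first
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if key not in open_groups:
            if startswith not in raw:
                continue  # nothing open for this key and this event opens nothing
            open_groups[key] = []
        open_groups[key].append((when, raw))
        # Close on the end marker or when the event cap is reached.
        if endswith in raw or len(open_groups[key]) >= maxevents:
            closed.append(summarise(key, open_groups.pop(key)))
    return closed  # groups still open are dropped (model assumption)

if __name__ == "__main__":
    for t in transaction(EVENTS, 4, "action=login", "action=logout"):
        print(t["session"], t["duration"], t["eventcount"])
```

Session s1 closes on its logout event, s2 closes only because it reaches the event cap, and s3 never opens because it has no login event.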

Credit: https://docs.splunk.com/

