Chapter 9. Transactional Splunk

This chapter will define and describe Splunk transactions from an enterprise (or global to the organization) perspective.

The following topics will be covered in this chapter:

Transactions and their types
Advanced use of transactions such as:
- Configuring transaction types
- Grouping events
- Concurrent events
- What to avoid?

In Chapter 2, Advanced Searching, we talked briefly about Splunk transactional searching. In this chapter, we will take a much closer look at this important topic.

Transactions and transaction types

We'll start by defining two important Splunk terms: transactions and transaction types.

	"A transaction is any group of conceptually-related events that spans time."
	--Splunk documentation

To illustrate, an out ...

Get Mastering Splunk now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering Splunk by James Miller

Chapter 9. Transactional Splunk

Transactions and transaction types

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly