Transaction search
To help identify events that occur over a period of time and can be configured as a transaction, you can use a Splunk transaction search. The transaction search command, which works with both Splunk Web and the command-line interface, produces groups of indexed events as its output. This output can of course be used in reports or configured as a transaction type for later reuse (we'll explain this later in this chapter).
To use a transaction search, you can perform one of the following tasks:
- Call a transaction type that you configured in the
transactiontypes.conffile - Define transaction constraints in your search by setting the search options of the
Transactioncommand
There are many options that allow the Splunk transaction search ...
Get Mastering Splunk now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
