Let's consider some more advanced uses of Splunk transactions.
As we stated earlier in this chapter, a transaction is defined as a collection of conceptually-related events that occur over a period of time, and a transaction type is a transaction that has been saved or defined in Splunk. To this point, any series of events (transactions) can be turned into a transaction type. To create transaction types, you use the
As with most features of Splunk, configuration (or
.conf) files are used. To create (configure) transaction types in Splunk, you use the
If you perform a search of your Splunk installation files, ...