Let's break down the search piece by piece:
Search fragment |
Description |
index=main sourcetype=access_combined |
You should be familiar with this search from the recipes in previous chapters. It is used to return events from the website access log. |
| transaction JSESSIONID |
Using the transaction command, we group events together based on their given JESSIONID to form a single transaction. The JSESSIONID field is chosen as each visitor to the website is given a random session identifier whose value is stored in this field. One of the fields created by the transaction command is the duration field. The duration field represents the amount of time, in seconds, between the first and last events in the transaction. ... |