From the course: Practical Splunk: Build Data Intelligence through SPL, Reports, and Dashboards
Using the transaction command - Splunk Tutorial
Using the transaction command
- Grouping events. As you work in Splunk, you will invariably find that your data gets scattered across indexes, sources, and sourcetypes. Many times, you will need to group and correlate this data to make sense of it and to create useful reports. Splunk provides a way to do that: the SPL command transaction. An important advantage of using the transaction command to group events is that it automatically creates a few very useful fields, such as duration and eventcount. The transaction command. The syntax of the transaction command is simple: pipe the search results to the transaction command, followed by one or more constraints. You need to provide at least one constraint. Based on the constraints you provide, related events are automatically grouped. Once events are grouped into a transaction, the events within the transaction are ordered chronologically, and this is different from how Splunk would normally display the search results when you perform a usual ad hoc search.…
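The following search is an added example, not part of the course material, showing the transaction command on a security use case: grouping authentication events by source IP to spot a burst of failed logins followed by a success. The events are constructed inline with makeresults so the search runs without any real index; the field names (src_ip, user, action), the maxspan/maxpause windows and the eventcount threshold are assumptions chosen for the illustration, not conventions of the course.

```spl
| makeresults
| eval raw="2024-05-01T10:00:01 10.0.0.5 alice failed;2024-05-01T10:00:05 10.0.0.5 alice failed;2024-05-01T10:00:09 10.0.0.5 alice failed;2024-05-01T10:00:12 10.0.0.5 alice failed;2024-05-01T10:00:20 10.0.0.5 alice success;2024-05-01T10:30:00 10.0.0.9 bob failed;2024-05-01T10:31:00 10.0.0.9 bob success"
| makemv delim=";" raw
| mvexpand raw
| rex field=raw "^(?<ts>\S+) (?<src_ip>\S+) (?<user>\S+) (?<action>\S+)$"
| eval _time=strptime(ts, "%Y-%m-%dT%H:%M:%S"), _raw=raw
| fields - raw ts
| sort - _time
| transaction src_ip maxspan=5m maxpause=30s
| search action=failed action=success
| where eventcount >= 5
| table _time src_ip user eventcount duration _raw
```

The `sort - _time` step reproduces the reverse-chronological order an ad hoc search normally returns, which is what transaction expects as input; inside each resulting transaction the member lines in `_raw` come out in chronological order, as the lesson describes. The constraints mean: group events sharing the same src_ip, as long as the whole group spans at most 5 minutes (maxspan) and no two consecutive events are more than 30 seconds apart (maxpause). With the constructed data, 10.0.0.5 produces one transaction with eventcount 5 and duration 19 (seconds, computed automatically from the earliest and latest _time), while the two events from 10.0.0.9 are 60 seconds apart and are therefore not grouped. After transaction, `action` is a multivalue field holding every value seen in the group, so `search action=failed action=success` keeps only groups containing both outcomes, and the eventcount threshold then selects the bursts worth investigating.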