Transaction search
To help identify events that occur over a period of time and can be configured as a transaction, you can use a Splunk transaction search. The transaction search command, which works with both Splunk Web and the command-line interface, produces groups of indexed events as its output. This output can of course be used in reports or configured as a transaction type for later reuse (we'll explain this later in this chapter).
To use a transaction search, you can perform one of the following tasks:
Call a transaction type that you configured in the transactiontypes.conf file
Define transaction constraints in your search by setting the search options of the Transaction command
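The two tasks side by side, as an added example that is not from the original text. The stanza name web_session, the access_combined sourcetype, the clientip field and the time values are assumptions chosen for illustration.

```ini
# transactiontypes.conf (constructed example; "web_session" is a hypothetical stanza name)
[web_session]
# Group events that share the same value of the clientip field (assumed field name)
fields = clientip
# The first and last events of one transaction may be at most 5 minutes apart
maxspan = 5m
# A gap of more than 30 seconds between consecutive events closes the transaction
maxpause = 30s

# Task 1: call the configured transaction type from a search
#   sourcetype=access_combined | transaction name=web_session
#
# Task 2: set the same constraints inline as options of the transaction command
#   sourcetype=access_combined | transaction clientip maxspan=5m maxpause=30s
```

Both searches return the same groups of events; the configured type keeps the constraints in one place for reuse.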
Many options allow the Splunk transaction search to recognize and group events into a Splunk transaction that meets your particular needs. For example, you can perform the following actions:
You can identify (as a transaction) where the first and last events are separated by a time span that does...