Advanced use of transactions
Let's consider some more advanced uses of Splunk transactions.
Configuring transaction types
As we stated earlier in this chapter, a transaction is defined as a collection of conceptually related events that occur over a period of time, and a transaction type is a transaction that has been saved or defined in Splunk. Any series of events (a transaction) can be turned into a transaction type. To create transaction types, you use the transactiontypes.conf file.
The transactiontypes.conf file
As with most features of Splunk, configuration (or .conf) files are used. To create (configure) transaction types in Splunk, you use the transactiontypes.conf file.
If you perform a search of your Splunk installation files, you should find two versions of this file named as follows:
transactiontypes.conf.example
transactiontypes.conf.spec
These files can be used for reference.
You should create your version of the transactiontypes.conf file and place it at $SPLUNK_HOME...
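As an added illustration (not taken from the original text or from Splunk's shipped example file), here is what a transaction type stanza can look like when the goal is to group SSH authentication events for review. The stanza name ssh_auth_burst, the field names src_ip and user, and the sourcetype in the comment are assumptions made for this example.

```ini
# Constructed example of a transaction type definition.
# The stanza name is the transaction type name used in searches.
[ssh_auth_burst]
# Events are grouped on the values of these fields (assumed field names;
# use the names your own field extractions produce).
fields = src_ip, user
# Close the transaction when the gap between two events exceeds 30 seconds.
maxpause = 30s
# Cap the total time covered by one transaction at 5 minutes.
maxspan = 5m
# Cap the number of events collected into one transaction.
maxevents = 500

# Referenced from a search by stanza name (sourcetype is an assumption):
#   sourcetype=linux_secure | transaction name=ssh_auth_burst
#   | where eventcount > 20
```

Because the limits live in the saved type, every search that names it groups events the same way, and the eventcount and duration fields that the transaction command adds can then be used to filter for unusually long or dense authentication bursts.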