To help identify events that occur over a period of time and can be configured as a transaction, you can use a Splunk transaction search. The transaction search command, which works with both Splunk Web and the command-line interface, produces groups of indexed events as its output. This output can of course be used in reports or configured as a transaction type for later reuse (we'll explain this later in this chapter).
To use a transaction search, you can perform one of the following tasks:
- Call a transaction type that you configured in the
- Define transaction constraints in your search by setting the search options of the
There are many options that allow the Splunk transaction search ...