Advanced use of transactions

Let's consider some more advanced uses of Splunk transactions.

Configuring transaction types

As we stated earlier in this chapter, a transaction is defined as a collection of conceptually-related events that occur over a period of time, and a transaction type is a transaction that has been saved or defined in Splunk. To this point, any series of events (transactions) can be turned into a transaction type. To create transaction types, you use the transactiontypes.conf file.

The transactiontypes.conf file

As with most features of Splunk, configuration (or .conf) files are used. To create (configure) transaction types in Splunk, you use the transactiontypes.conf file.

If you perform a search of your Splunk installation files, ...

Get Mastering Splunk now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.