Advanced use of transactions
Let's consider some more advanced uses of Splunk transactions.
Configuring transaction types
As we stated earlier in this chapter, a transaction is defined as a collection of conceptually-related events that occur over a period of time, and a transaction type is a transaction that has been saved or defined in Splunk. To this point, any series of events (transactions) can be turned into a transaction type. To create transaction types, you use the
The transactiontypes.conf file
As with most features of Splunk, configuration (or
.conf) files are used. To create (configure) transaction types in Splunk, you use the
If you perform a search of your Splunk installation files, ...