Advanced use of transactions

Let's consider some more advanced uses of Splunk transactions.

Configuring transaction types

As we stated earlier in this chapter, a transaction is defined as a collection of conceptually-related events that occur over a period of time, and a transaction type is a transaction that has been saved or defined in Splunk. To this point, any series of events (transactions) can be turned into a transaction type. To create transaction types, you use the transactiontypes.conf file.

The transactiontypes.conf file

As with most features of Splunk, configuration (or .conf) files are used. To create (configure) transaction types in Splunk, you use the transactiontypes.conf file.

If you perform a search of your Splunk installation files, ...

Get Mastering Splunk now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering Splunk by James Miller

Advanced use of transactions

Configuring transaction types

The transactiontypes.conf file

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly