How can you filter a transaction where at least one of the paired events matches the criteria?

jkimmel6
Explorer

I have a transaction that pairs events based on three fields. Is it possible to then filter the results so that it only shows the paired events if at least one of the events has the field ‘Type’ containing the character ‘X’?

0 Karma
1 Solution

xpac
SplunkTrust

Hey,

Sure you can. Transaction combines all events of a transaction into one event, so if you append a | search Type=*x* after the transaction, it should do what you want.

0 Karma
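The filter described in the answer above, as an added example that is not part of the original thread. The field names user, host and session stand in for the three pairing fields, and the six events are constructed with makeresults so the search runs without any index: sessions s1 and s3 each contain one event whose Type includes "X", and session s2 contains none.

```spl
| makeresults count=6
| streamstats count AS n
| eval user=if(n<=4, "alice", "bob"),
       host="web01",
       session=case(n<=2, "s1", n<=4, "s2", true(), "s3"),
       Type=case(n==1, "AX1", n==2, "B2", n==3, "C3", n==4, "D4", n==5, "E5", n==6, "FX6")
| transaction user host session
| search Type=*X*
| table user host session Type eventcount
```

After transaction, Type is a multivalue field on each combined event, and the search command keeps an event when any one of its values matches the wildcard. Field value matching in search is case-insensitive, so Type=*x* and Type=*X* select the same transactions.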

jkimmel6
Explorer

Perfect, thanks.

0 Karma