Splunk Search

How does the searchtxn command work?

kozhin
New Member

Hello i have a problem with searchtxn:

"Error in 'searchtxn' command: This command must be the first command of a search."

and i don't understand how to use it correctly. i have events from one sourcetype and i need to paste them together. They have same number of device "645", but because i have a very long search with rex, i don't know how to paste them. Help me pls how to write correctly searchtxn

Tags (1)
0 Karma

stephanefotso
Motivator

Hello! Did you read the manual? http://docs.splunk.com/Documentation/Splunk/6.2.0/SearchReference/Searchtxn
Take a look at it, and let me know if any issue.

SGF
0 Karma

kozhin
New Member

yes i read. and i didn't understand this example.

0 Karma

stephanefotso
Motivator

The manual is clear. The command Efficiently retrieves transaction events matching the transaction type transaction-name that contain the text selected by search-string.
The example bellow, will Find all email transactions to root from David Smith.

| searchtxn email to=root from="David Smith"

If you still have problems, let me get your query

SGF
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...