Splunk Search
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create eventtype on transaction

nikunj_mochi
New Member
‎05-25-2016 01:25 AM

Hi Team,

I am creating a pie chart based on eventtype. For my one of the application logs, I have two logs for one unique request. So, I have used transaction to find out duration, but now the problem is I can't create eventtype on transaction. Could you please suggest an alternate?

Please let me know if any further detail required.
I have search like below on which I want to create an eventtype:

host="prod-ep-*"    | transaction GUID,Thread_Name,transType maxevents=2

Thanks
Nikunj

0 Karma
Reply

sjohnson_splunk
Splunk Employee
Splunk Employee
‎05-25-2016 07:39 AM

Do you already have an eventtype for one of the events in the transaction? I think that should be carried over into the resulting transaction . Maybe something as simple as basing it off of the sourcetype of one of the events.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-25-2016 05:36 AM

Can you provide sample data of the logs as well as how you're extracting each sourcetype? (inputs, props, & transforms if applicable)

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top