Solved: Re: How to use NOT in Transaction command

logloganathan · ‎02-25-2019

i have query like below and got result

index=ABC host=xyz123 | transaction startswith="failure" endswith="success" maxevents=2 maxspan=1m

now i want to display the result opposite of this

index=ABC host=xyz123 NOT ( | transaction startswith="failure" endswith="success" maxevents=2 maxspan=1m)

how to achieve this?

logloganathan · ‎02-25-2019

i have completed the task

index=ABC host=xyz123 | transaction startswith="failure" endswith="success" maxevents=2 maxspan=1m keepevicted=true | search closed_txn=0

logloganathan · ‎02-25-2019

i have completed the task

index=ABC host=xyz123 | transaction startswith="failure" endswith="success" maxevents=2 maxspan=1m keepevicted=true | search closed_txn=0

FrankVl · ‎02-25-2019

Great, thanks for sharing the solution!

logloganathan · ‎02-25-2019

I want this solution should help others..thanks..

FrankVl · ‎02-25-2019

So, you want all events that are not part of that transaction? Can you be a bit more clear on what output you expect to get?

logloganathan · ‎02-25-2019

thanks for your response but i have completed the query by myself.

Please find the answer

How to use NOT in Transaction command