Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to use NOT in Transaction command

logloganathan
Motivator
‎02-25-2019 06:00 AM

i have query like below and got result

index=ABC host=xyz123 | transaction startswith="failure" endswith="success" maxevents=2 maxspan=1m

now i want to display the result opposite of this

index=ABC host=xyz123 NOT ( | transaction startswith="failure" endswith="success" maxevents=2 maxspan=1m)

how to achieve this?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

logloganathan
Motivator
‎02-25-2019 08:07 AM

i have completed the task

index=ABC host=xyz123 | transaction startswith="failure" endswith="success" maxevents=2 maxspan=1m keepevicted=true | search closed_txn=0

View solution in original post

Reply
Solved! Jump to solution
Solution

logloganathan
Motivator
‎02-25-2019 08:07 AM

i have completed the task

index=ABC host=xyz123 | transaction startswith="failure" endswith="success" maxevents=2 maxspan=1m keepevicted=true | search closed_txn=0

Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎02-25-2019 08:35 AM

Great, thanks for sharing the solution!

Reply
Solved! Jump to solution

logloganathan
Motivator
‎02-25-2019 08:45 AM

I want this solution should help others..thanks..

0 Karma
Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎02-25-2019 06:10 AM

So, you want all events that are not part of that transaction? Can you be a bit more clear on what output you expect to get?

0 Karma
Reply
Solved! Jump to solution

logloganathan
Motivator
‎02-25-2019 08:08 AM

thanks for your response but i have completed the query by myself.

Please find the answer

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...