Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a way to make transaction wait or end before starting new transaction?

morganj1
Explorer
‎05-30-2022 04:23 AM

Hi, is there a way to make a Splunk transaction wait until it has ended, before starting another transaction.

 

e.g. if I have (with latest results at the top)

a end
b start
c start
d end
e end
f start
g start
h start

 

What I get from Splunk here would be transactions: f->e, g->d and b->a.

But what I want is h->e and c->a, so once it's found "start" it then looks for "end", and then looks for the next "start" after that... etc.

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-30-2022 05:09 AM

Hi @morganj1,

it's possible if you have a field (e.g. transaction_id) to use as a correlation key to correlate events, if you use startswith and/or endswith options it isn't possible.

Anyway, if you have a field to use as key, see a different approach using the stats command instead transaction because the thansaction command is very slow!

Ciao.

Giuseppe

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎05-30-2022 05:27 AM

You could also try to transform your data so that it keeps only the first "start" in a row (by using autoregress/streamstats to get previous value and only leave the "start" if it was preceeded by an "end")

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎05-30-2022 11:59 AM

If you are sure that those 'in-between' events are useless, you can even use dedup to filter them out.

0 Karma
Reply
Get Updates on the Splunk Community!

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

At .conf25, Splunk proudly recognized Fast Lane as the 2025 Authorized Learning Partner of the Year. This ...

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...