Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to reverse the data in transaction ?

graju89
Path Finder
‎04-25-2020 09:08 AM

Hi, I have some issue with transaction command. It works fine. but sometimes endswith pattern appear and startswith pattern in the log. So the transcation command failing to convert that as a transaction.

For example,
Works fine for below log,
XXXXXXXXXend
XXXXXXXXXstart
Occassionally the data reverses like below and trasnaction command doesnt find it
XXXXXXXXXstart
XXXXXXXXXend

Is there a wrok around for this?

0 Karma
Reply

PavelP
Motivator
‎04-25-2020 01:45 PM

Hello @graju89,

I haven't any good solution for you, so may be just use an ineffective way of appending two searches:

search ... |transaction startswith="start" endswith="end"  maxspan=10s|sort 0 - _time| fields action duration | append [search ... |transaction startswith="end" endswith="start"  maxspan=10s]
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...