no data after Transaction

pengium12 · ‎09-17-2021

What could be reason that there are no data available after grouping using a transaction command? Before grouping using a transaction, there are data available.

PickleRick · ‎09-17-2021

If I understand you correctly, when you do bare search it returns some even but after adding a transaction command to it, you don't get any results, right?

Are you sure you're specifying existing field with the transaction command? If you specify wrong field, you won't get any transactions.

richgalloway · ‎09-17-2021

You likely have no events that meet the criteria specified in the transaction command. Please share your query and some sample events.

---
If this reply helps you, Karma would be appreciated.

pengium12 · ‎09-23-2021

There are events found, But there are no data showed in the list.

richgalloway · ‎09-23-2021

Again I ask you kindly to share the query and sample (sanitized) events.

---
If this reply helps you, Karma would be appreciated.

no data after Transaction

transaction

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation

no data after Transaction

transaction

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026