Splunk Search

Transaction with 2 different valued IDs

BenThwaites

I have a set of WordPress tables I'm trying to build a transaction on. I have the following, which is working well and placing wp_postmeta, wp_posts and wp_order_itemsmeta within a single transaction.

index=onstone (sourcetype="wp_order_items" OR sourcetype="wp_postmeta" OR sourcetype="wp_posts" OR sourcetype="wp_order_itemsmeta")
| eval id=coalesce(order_id,post_id, ID) 
| transaction id

However, within wp_order_items there is the field 'order_item_id', which points to events within wp_order_itemsmeta that I need included within the transaction.

So essentially, if I take the below as an example, I have event1 and event2 in my transaction but I need event3 in there as well.

event1 id=1
event2 id=1, id2=a
event3 id2=a

I've had a good hunt around and tried a combination of a few different things, like including order_item_id ( | transaction id, order_item_id ) in the transaction command and running another transaction command after running the first transaction command with keeporphans=true, but nothing seems to be doing the trick.

Any help would be much appreciated.
