Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
11 results
Sorted by:
06-10-2015
03:02 AM
Hello i have a problem with searchtxn:
"Error in 'searchtxn' command: This command must be the first command of a search."
and i don't understand how to use it correctly. i have events f...
- Tags:
- searchtxn
08-23-2011
03:31 PM
I've something of a challenge: How to best generate a single event in a summary index that is based on a transaction across four different fields when there is not a 1:1 relationship across all the f...
Show results in replies (5)
-
You may want to look at the searchtxn command. It may be better suited for what you're looking f...
-
I've never looked at searchtxn before -- let me check that out.
-
Good point, searchtxn is a better fit for this use case than transaction.
-
I can't seem to get searchtxn to work. I've defined a transaction that I have verified works with t...
-
...anpage. Anything I can change to give searchtxn a better shot?
06-07-2022
05:14 AM
Currently we are looking ingesting events that have multiple eventIDs that log in new lines. We want to have those appear as one event in splunk since trying to run a "| transaction event_id" slows o...
- Tags:
- getting-data-in
Labels
- Labels:
-
props.conf
03-16-2016
11:41 AM
Scenario:
I am searching email event logs. I can find some of the needed fields by a unique id (UID) and I find some fields by diffferent unique id (X-UID). Some events contain both UID and X-UID...
- Tags:
- correlation
- join
Show results in replies (3)
-
Thank you Martin, your first option works. The searchtxn I have not confirmed yet, but I will k...
-
I have significantly extended the actual answer, please give the searchtxn approach a shot and l...
-
...f building those subsearch-monsters manually, there is a much-forgotten search command searchtxn t...
03-31-2016
11:23 AM
1 Karma
I am attempting to set up an initial transactiontypes.conf file in $SPLUNK_HOME/etc/system/local so I can use [searchtxn], however, I am not understanding the documentation and setup correctly.
T...
04-16-2010
06:17 PM
When searching for email addresses in our sendmail logs, it helps to see the full transaction by using the queue id (qid) field.
Search command:
sourcetype="sendmail_syslog" | transaction fiel...
- Tags:
- sendmail
- transactions
05-22-2014
02:46 AM
13 Karma
...ontained
syn keyword splunkAlerting sendemail contained
syn keyword splunkAppend append appendcols join selfjoin contained
syn keyword splunkFilter dedup fields mvcombine regex searchtxn table u...
02-21-2013
01:06 PM
2 Karma
So I’m trying to link a couple different fields together to get the data I’m looking for, but it involves a couple steps and not sure how to put this subsearch together. I’ve been able to extract fie...
02-11-2015
01:25 PM
I'm sorry, I am not even sure how to ask this question or whether the subject line really explains what I am after.
I am looking at IronPort logs and have to nest a search in order to get all the ...
- Tags:
- table
09-14-2010
07:02 PM
I have a multithreaded application that writes out intermingled logs and having performance issues searching with transactions, and looking for a simpler way to coalesce events.
simplified mylog.l...
