I am using the transaction command to group events in one line and want to see this in a table format. I have the "order_number" as a unique identifier. All of the events related to the order number are written at the same time except confirmation info. For some reason confirmation information is getting dropped. Is it because confirmation doesn't occur till way past 1000 events, and is there a way around it?
index=client1 (item=giftcard OR info=billing OR info=purchase_detail OR info=confirmation) | transaction Order_number keepevicted=true | where isnotnull(category) | table order_number, date, paytype, method, ip, confirmation_name