cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
bobby_d
Engager
Member since: ‎06-07-2022
‎06-07-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎06-07-2022
Activity Feed
View All

Re: transactiontype.conf usage

by in Getting Data In
‎06-07-2022 08:18 AM
‎06-07-2022 08:18 AM
Thanks @richgalloway looks like I misunderstood what transactiontypes.conf purpose would be. Would there be any way that you could do a transaction at index time?  ... View more

How to use transactiontype.conf usage?

by in Getting Data In
‎06-07-2022 05:14 AM
‎06-07-2022 05:14 AM
Currently we are looking ingesting events that have multiple eventIDs that log in new lines. We want to have those appear as one event in splunk since trying to run a "| transaction event_id" slows our searches down significantly.  It looks like we should be able to use transactiontypes.conf but I am confused on how to get this to work. We are extracting the event_id in props.conf with event_id_test and then have a transactiontypes.conf that is looking to perform a transaction on the fields  event_id_test but so far it is not performing the transaction at all though the event_id_test field is being extracted.  I tried reading through the docs for this but can not see what I am missing or doing wrong based on the splunk docs on this.   props.conf: [test_props] EXTRACT-et = \.\d{3}\:(?P<event_id_test>\d+)   transactiontypes.conf: [test_props] maxspan=5s maxpause=5s fields=event_id_test ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎06-07-2022 04:59 PM
Karma given to
View All