Solved: Searching by Transaction TYPE

mikefoti · ‎09-07-2012

The following query finds what I would call "RejectedTrasnactions"

index="radius"  | transaction nps_Class maxspan=1s startswith=(eventtype=nps_accessRequested) endswith=(eventtype=nps_accessReqRejected)| timechart count by nps_callingStation

I use a similar query to find "AcceptedTrasnactions"

If opt to add appropriate code to transactions.conf, is there a way to gather stas based on transaction types? For example, would a query like this show me how many of each transaction type occurred per time period?

index="radius" |timechart count by transaction

MarioM · ‎09-09-2012

it's actually transactiontypes.conf but it only allow to call 1 transaction definition by using "... | transaction name=mytransactiondef ..." and this "name" field doesnot seems to be searchable.

Then i would try a different way either using summary indexing & marker or eval & case function

View solution in original post

MarioM · ‎09-09-2012

it's actually transactiontypes.conf but it only allow to call 1 transaction definition by using "... | transaction name=mytransactiondef ..." and this "name" field doesnot seems to be searchable.

Then i would try a different way either using summary indexing & marker or eval & case function

Searching by Transaction TYPE

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

Join the Conversation