This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13
A transaction is any group of conceptually related events that spans time. A transaction type is a configured transaction, saved as a field in Splunk. Any number of data sources can generate transactions over multiple log entries.
For example, a customer shopping in an online store could generate a transaction across multiple sources. Web access events might share a session ID with the event in the application server log; the application server log might contain the account ID, transaction ID, and product ID; the transaction ID may live in the message queue with a message ID, and the fulfillment application may log the message ID along with the shipping status. All of this data represents a single user transaction.
Here are some other examples of transactions:
Transaction search is useful for a single observation of any physical event stretching over multiple logged events. Use the transaction command to define a transaction or override transaction options specified in transactiontypes.conf.
To learn more, read "Search for transactions" in this manual.
You may want to persist the transaction search you've created. Or you might want to create a lasting transaction type. You can save transactions by editing transactiontypes.conf. Define transactions by creating a stanza and listing specifications.
To learn more about configuring transaction types, read "Define transactions" in this manual.
Categories: V:3.4.10 | V:3.4.11 | V:3.4.12 | V:3.4.13