Hi,
I am trying to transaction a scenario here where startswith should start with A or B condition and endswith should be with C or D condition. Example:
Transaction startswith= A or B endswith= C or D
Hi Venkat_16,
this is possible. Look at the docs at http://docs.splunk.com/Documentation/Splunk/6.2.1/SearchReference/Transaction where, in the section "Filter string options", it says:
<filter-string>
    Syntax: <search-expression> | (<quoted-search-expression>) | eval(<eval-expression>)
    Description: A search or eval filtering expression which if satisfied by an event marks the end of a transaction.

<search-expression>
    Description: A valid search expression that does not contain quotes.

<quoted-search-expression>
    Description: A valid search expression that contains quotes.

<eval-expression>
    Description: A valid eval expression that evaluates to a Boolean.
This means running something like this will work:
transaction startswith="A OR B" endswith="C OR D" <yourfield>
Don't forget to use a field that will be used to build your transaction.
Hope that helps ...
cheers, MuS
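
The eval() form from the documentation quoted above, as an added example that is not part of the original posts: it applies the same "A or B starts, C or D ends" logic to a field value instead of to search terms in the raw event. The field names session and action and the six events are constructed here with makeresults; the events are sorted newest first, which is the order transaction expects.

```spl
| makeresults count=6
| streamstats count AS n
| eval session=if(n<=3, "s1", "s2")
| eval action=case(n==1, "A", n==2, "x", n==3, "C", n==4, "B", n==5, "y", n==6, "D")
| eval _time=_time + n
| sort 0 - _time
| transaction session startswith=eval(action=="A" OR action=="B") endswith=eval(action=="C" OR action=="D")
| table session duration eventcount action
```

The quoted-string form startswith="A OR B" is evaluated as a search expression against each event, so use eval() when the condition has to be an exact comparison on an extracted field.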