Hi,
Is there any limit for field value for transaction command?
I am executing transaction command over Security_ID field but Splunk is grouping events where Security_ID is different. For example:
Security_ID
S-1-5-21-1275861439-237309362-10498456-49961
S-1-5-21-1275861439-237309362-10498456-51020
Best regards
stats would be a better approach than transaction
Please could you elaborate on what you are trying to do with the transaction command? Are you trying to group events based on Secure_ID? If that is the case, I don't think you will need the transaction command in the first place.
Can you share sample data and search query you are running?