Splunk Search

Is there any limit for field value for the transaction command?

apezuela
Explorer

Hi,

Is there any limit for field value for transaction command?

I am executing transaction command over Security_ID field but Splunk is grouping events where Security_ID is different. For example:

Security_ID
S-1-5-21-1275861439-237309362-10498456-49961

S-1-5-21-1275861439-237309362-10498456-51020

Best regards

0 Karma

skoelpin
SplunkTrust
SplunkTrust

stats would be a better approach than transaction

0 Karma

sarvan7777
New Member

Please could you elaborate what you are trying to do with the Transaction command. Are you trying to group events based on Secure_ID, if that is the case, I don'e think you will need Transactions command in the first place

0 Karma

p_gurav
Champion

Can you share sample data and search query you are running?

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...