Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

transaction question

hylee
Explorer
‎07-09-2013 10:02 PM

I use the code below, and it works..

sourcetype="splunk_page_request" | transaction session_id maxspan=3s

and I want to use the code below

sourcetype="splunk_page_request" | transaction request_uri AND session_id maxspan=3s

it works?
please explain how to work the upper code..

actually, I want the result below

if below
request_uri=1 session_id=a time=2013/07/10 12:00:00
request_uri=2 session_id=a time=2013/07/10 12:00:02

count is 2

if below
request_uri=1 session_id=a time=2013/07/10 12:00:00
request_uri=1 session_id=a time=2013/07/10 12:00:02

count is 1

someone please help me..

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

linu1988
Champion
‎07-09-2013 10:37 PM

sourcetype="splunk_page_request" | transaction request_uri session_id maxspan=3s

View solution in original post

Reply
Solved! Jump to solution

hylee
Explorer
‎07-10-2013 06:59 PM

Thank you so much!!

0 Karma
Reply
Solved! Jump to solution
Solution

linu1988
Champion
‎07-09-2013 10:37 PM

sourcetype="splunk_page_request" | transaction request_uri session_id maxspan=3s

Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...