Hi all Splunkers!
So transactions.
I have 3 eventtypes, let's call them et-A, et-B and et-C, and I want to find all Transactions with the order
where the boundaries are startswith=A and maxpause=30d
95% of cases are
"A->C",
"A->C->C-C"
"A->B->C+" etc.
The ones I want to find are of the structure:
"A->C->B->C"
The search is:
eventtype="et-*" | transaction id startswith=eval(eventtype=="et-A") maxpause=30d | where eventcount>3
Is there any good way to search out transactions with the desired order of events?
Thanks!
Been searching around here in answers for a bit and can't find an equivalent question. So if there is one, just answer with a link to that question.