Evicted transactions can be distinguished from non-evicted transactions by checking the value of the ‘closed_txn’ field. keepevicted Syntax: keepevicted= Description: Whether to output evicted transactions. If you have Splunk Cloud, Splunk Support administers the settings in the nf file on your behalf. See also MDMS Definition | Law Insider Memory control options Description: A valid eval expression that evaluates to a Boolean. Description: A valid search expression that contains quotes. Description: A valid search expression that does not contain quotes. Syntax: | ( ) | eval( ) Description: A search or eval filtering expression which if satisfied by an event marks the end of a transaction. These options are used with the startswith and endswith arguments. unifyends Syntax: unifyends= true | false Description: Whether to force events that match startswith/endswith constraint(s) to also match at least one of the fields used to unify events into a transaction. Default: 1000 startswith Syntax: startswith= Description: A search or eval filtering expression which if satisfied by an event marks the beginning of a new transaction. If the value is negative this constraint is disabled. Default: -1 (no limit) maxevents Syntax: maxevents= Description: The maximum number of events in a transaction. If value is negative, the maxpause constraint is disabled and there is no limit. Default: -1 (no limit) maxpause Syntax: maxpause= Description: Specifies the maximum length of time in seconds, minutes, hours, or days for the pause between the events in a transaction. If the value is negative, the maxspan constraint is disabled and there is no limit. Events that exceed the maxspan limit are treated as part of a separate transaction. The events in the transaction must span less than integer specified for maxspan. Default: false maxspan Syntax: maxspan= Description: Specifies the maximum length of time in seconds, minutes, hours, or days that the events can span. The results that are passed through as “orphans” are distinguished from transaction events with a _txn_orphan field, which has a value of 1 for orphan results. keeporphans Syntax: keeporphans=true | false Description: Specify whether the transaction command should output the results that are not part of any transactions. Default: true endswith Syntax: endswith= Description: A search or eval expression which, if satisfied by an event, marks the end of a transaction. If an event contains fields required by the transaction, but none of these fields have been instantiated in the transaction (added with a previous event), this opens a new transaction (connected=true) or adds the event to the transaction (connected=false). Txn definition options connected Syntax: connected= Description: Only relevant if a field or fields list is specified. You can use multiple options to define your transaction. txn_definition-options Syntax: | | | | | | | Description: Specify the transaction definition options to define your transactions. They are not required, but you can use 0 or more of the options to define your transaction. rendering-options Syntax: | | | Description: These options control the multivalue rendering for your transactions. If you provide other transaction definition options (such as maxspan) in this search, they overrule the settings in the configuration file. This runs the search using the settings defined in this stanza of the configuration file. name Syntax: name= Description: Specify the stanza name of a transaction that is configured in the nf file. memcontrol-options Syntax: | | Description: These options control the memory usage for your transactions. For each client_ip value, a separate transaction is returned for each unique host value for that client_ip. For example, suppose two fields are specified: client_ip and host. The events are grouped into transactions, based on the unique values in the fields. optional arguments field-list Syntax: … Description: One or more field names. Reading: transaction – Splunk Documentation transaction Required arguments
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |