![]() Txn definition options connected Syntax: connected= Description: Only relevant if a field or fields list is specified. You can use multiple options to define your transaction. txn_definition-options Syntax: | | | | | | | Description: Specify the transaction definition options to define your transactions. They are not required, but you can use 0 or more of the options to define your transaction. rendering-options Syntax: | | | Description: These options control the multivalue rendering for your transactions. If you provide other transaction definition options (such as maxspan) in this search, they overrule the settings in the configuration file. This runs the search using the settings defined in this stanza of the configuration file. name Syntax: name= Description: Specify the stanza name of a transaction that is configured in the nf file. memcontrol-options Syntax: | | Description: These options control the memory usage for your transactions. For each client_ip value, a separate transaction is returned for each unique host value for that client_ip. For example, suppose two fields are specified: client_ip and host. The events are grouped into transactions, based on the unique values in the fields. See About transactions in the Search Manual. The values in the eventcount field show the number of events in the transaction. The values in the duration field show the difference between the timestamps for the first and last events in the transaction. ![]() Transactions are made up of the raw text (the _raw field) of each member, the time and date fields of the earliest member, as well as the union of all other fields of each member.Īdditionally, the transaction command adds two fields to the raw events, duration and eventcount. The transaction command finds transactions based on events that meet various constraints.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |