Transaction in Splunk, transaction vs stats command - Data Analysis Tutorial

  • Published on 7 Jan 2025
  • Transaction in Splunk, transaction vs stats command is a free tutorial by Bigdata ABC from Data Analysis course
    Link to this course (Special Discount):
    www.udemy.com/...
    This is the best Data Analysis Course
    Course summary:
    Understand how Splunk can be used to analyze data set
    Create your own Dashboard using Pivot & Datamodel
    Analyze and Develop dashboard using Apache access log
    You will be able to setup Splunk Enterprise and manage & administer a Splunk deployment
    Create your own searches and develop Dashboard, Report
    Understand what Splunk is for, and how it works
    You will be prepared for the interview after completing this course
    English [Auto]
    Hi, welcome to this lecture. In this lecture I'm going to discuss the transaction command in Splunk. First I'm going to talk about what a transaction is. A transaction is a related group of events in a span of time. For example, in an online store, if you take any online store application, the transaction happens from the application to another component and then the database. So one transaction occurs in three different places. Another example is a single website visit: when anyone clicks on any website, it fetches HTML, JavaScript, CSS files, images, etc. in a single click. It takes different components, all in one transaction.

    Now I'm going to talk about the syntax of the transaction command. You need to write the search, then a pipe, then transaction and the fields. You can give multiple fields here: field 1, 2, 3, etc. In this example you can see three different components: application server, database server, and any other server. When any user clicks in the application, these three events or logs are generated in three different components. Here you can see there is one common ID, 1001, in all three. You can write a search to get all logs or events from the application server, the database and any other server, and then use the transaction command on the ID. It will combine all three different events into a single event, grouping these three events based on the field. So in this example you can see how the transaction command is used to group events based on field values. The ID field is the same, 1001, in all three events, so it creates a group with these three events: a single event containing all three different events.

    Now I am giving one example here. Here you can see the search: an index, sourcetype access_combined, and then transaction on the product ID. This search groups all events with the same product ID. Here you can see this is one single event, and it contains all events with the same product ID. You can see here this is the first event, the second event and the third event; all events have the same product ID, and all events are combined in a single event. To show that, I will highlight the field name, product ID, so you can see the highlighted product ID here.

    The transaction command generates two fields: duration and eventcount. duration is the difference between the timestamps of the first event and the last event in the transaction, and the eventcount field is the number of events in the transaction. So here you can see the search and the two generated fields, duration and eventcount.

    Now I'm going to talk about constraints in the transaction command. You can use the optional argument, or constraint, maxspan. With the maxspan option you can set the maximum time between the earliest and latest events in the transaction. So a maxspan of one minute means the maximum difference between the earliest and latest events will be one minute, and if any event comes after one minute it will go to the next transaction. By default it is -1, which means there is no limit.

    You can use the maxpause option for the maximum total time between events. When you combine events in one transaction you can apply this constraint. If the time difference between events is more than one minute, you can exclude them by using this option. The default is -1, which means there is no limit.

    You can use the startswith option or constraint, and by using this you can create a transaction where the first event starts with a keyword. You use startswith with a keyword, and in the transaction the first event will start with this keyword. With the endswith constraint you use endswith with a keyword, and it will create a transaction where the last event will contain the end keyword.

    You can also limit the maximum events per transaction by using the maxevents option or constraint. Here's an example. In this search you can see maxevents is two. That means there can be a maximum of two events in one transaction. So here you can see in the output: this is the first event and the second event in one transaction, or in one single event. And also in second
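
An added example, not part of the lecture or the course material: a simplified Python model of the grouping described above, showing how maxspan, maxpause and maxevents split events that share a field value and how duration and eventcount are derived. The sample events, the `source` names and the function names are constructed for illustration; this is not Splunk's implementation, and startswith/endswith are left out.

```python
from collections import defaultdict

def transactions(events, field, maxspan=-1, maxpause=-1, maxevents=-1):
    """Simplified model of `... | transaction <field>` (not Splunk's implementation).

    maxspan   - max seconds between the first and last event of a transaction
    maxpause  - max seconds between two consecutive events of a transaction
    maxevents - max number of events in a transaction
    -1 means "no limit", as stated in the lecture.
    """
    groups = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["_time"]):
        if field in ev:                  # model simplification: skip events lacking the field
            groups[ev[field]].append(ev)

    result = []
    for value, evs in groups.items():
        current = []
        for ev in evs:
            if current and _violates(current, ev, maxspan, maxpause, maxevents):
                result.append(_close(field, value, current))   # start the next transaction
                current = []
            current.append(ev)
        result.append(_close(field, value, current))
    return sorted(result, key=lambda t: t["_time"])

def _violates(current, ev, maxspan, maxpause, maxevents):
    """True if adding `ev` to the open transaction would break a constraint."""
    return ((maxspan >= 0 and ev["_time"] - current[0]["_time"] > maxspan)
            or (maxpause >= 0 and ev["_time"] - current[-1]["_time"] > maxpause)
            or (maxevents >= 0 and len(current) >= maxevents))

def _close(field, value, evs):
    """Build the combined event with the two generated fields."""
    return {field: value, "_time": evs[0]["_time"],
            "duration": evs[-1]["_time"] - evs[0]["_time"],   # last minus first timestamp
            "eventcount": len(evs),
            "sources": [e["source"] for e in evs]}

# Constructed sample: one ID seen in three components, a second ID with a long gap.
EVENTS = [
    {"_time": 0,  "id": "1001", "source": "application"},
    {"_time": 2,  "id": "1001", "source": "other_server"},
    {"_time": 5,  "id": "1001", "source": "database"},
    {"_time": 3,  "id": "1002", "source": "application"},
    {"_time": 90, "id": "1002", "source": "database"},
]

if __name__ == "__main__":
    for opts in ({}, {"maxpause": 60}, {"maxspan": 4}, {"maxevents": 2}):
        print(opts, [(t["id"], t["eventcount"], t["duration"])
                     for t in transactions(EVENTS, "id", **opts)])
```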