We have below Splunk query:
sourcetype=f5_access_log rescode=429 | transaction node,rescode maxevents=-1 maxpause=1s | search eventcount>1 duration > 1 | bin span=5 duration | top 100 duration
Can someone please help me understand the transaction part of the query and how to implement a similar query in Elastic.
What do the Splunk docs say about the transaction part? I don't know that a heap of people that know it would be hanging out here.
OK, let me check myself. I will update this thread after my analysis.
© 2020. All Rights Reserved - Elasticsearch