Splunk to Elastic query migration

ravitandur · July 3, 2019, 12:48pm

We have below Splunk query:

sourcetype=f5_access_log rescode=429 | transaction node,rescode maxevents=-1 maxpause=1s | search eventcount>1 duration > 1 | bin span=5 duration | top 100 duration

Can some one please help me in understanding transaction part of the query and how to implement the similar query in Elastic.

warkolm · July 5, 2019, 8:08am

What do the Splunk docs say about the transaction part? I don't know that a heap of people that know it would be hanging out here.

ravitandur · July 8, 2019, 6:57am

ok let me check my self. I will update this thread after my analysis.

system · August 5, 2019, 7:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is there anybody who has stduied splunk transaction search using elasticsearch? Elasticsearch	2	969	July 6, 2017
How can we convert Splunk query into Elastic Query Elasticsearch	1	1344	January 15, 2021
Migrating Splunk query to Elastic Elasticsearch	4	1879	May 1, 2019
Translating a simple Splunk query resulted into 200 lines of Elasticsearch DSL - is there a better way? Elasticsearch	3	1498	July 5, 2017
Transaction command equivalent in ELK Elasticsearch	4	2385	July 14, 2017

Splunk to Elastic query migration

Related topics