We want to get the total time taken by a transaction (log analysis). The transaction command in Splunk gives two fields, duration and eventcount, when it is used. How can this be achieved in the ELK stack?
See "entity centric indexing" https://www.youtube.com/watch?v=yBf7oeJKH2Y
Thanks. This would need changing the time-series indexing - the daily indexing structure. Is there a way to accomplish this using the daily log index structure?
In the video I am talking about creating an ancillary index alongside your usual time series log index - that does not go away.
If you are talking about organising your entity index into time-based indices to help deal with purging old transactions, your code will need to deal with scenarios where transactions span the time boundary you choose for grouping entity indexes.
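As an added illustration of the two approaches discussed in this thread (not code from the original posts or from the linked video), the Python below computes Splunk-style `duration` and `eventcount` per transaction from a handful of constructed log events spread over two daily log indices, then shows the merge step an entity-centric (ancillary) index needs so that a transaction crossing the midnight boundary is not lost. The field names (`txn`, `@timestamp`, `_index`), the index names and the events themselves are assumptions made up for the example; `duration_agg_body()` returns a plain Elasticsearch search body that computes the same numbers ad hoc with a terms aggregation.

```python
from datetime import datetime

# Constructed sample events (not from the original thread). Transaction "A"
# starts just before midnight in one daily index and ends in the next one.
SAMPLE_EVENTS = [
    {"_index": "logs-2023.03.01", "@timestamp": "2023-03-01T23:59:58Z", "txn": "A", "msg": "start"},
    {"_index": "logs-2023.03.02", "@timestamp": "2023-03-02T00:00:01Z", "txn": "A", "msg": "step"},
    {"_index": "logs-2023.03.02", "@timestamp": "2023-03-02T00:00:04Z", "txn": "A", "msg": "end"},
    {"_index": "logs-2023.03.01", "@timestamp": "2023-03-01T10:00:00Z", "txn": "B", "msg": "start"},
    {"_index": "logs-2023.03.01", "@timestamp": "2023-03-01T10:00:02.500Z", "txn": "B", "msg": "end"},
    {"_index": "logs-2023.03.02", "@timestamp": "2023-03-02T12:00:00Z", "txn": "C", "msg": "only"},
]


def parse_ts(ts: str) -> datetime:
    """Parse an Elasticsearch-style ISO-8601 timestamp ending in 'Z' into a UTC datetime."""
    if ts.endswith("Z"):
        ts = ts[:-1] + "+00:00"
    return datetime.fromisoformat(ts)


def _duration_ms(doc: dict) -> int:
    return int((doc["end"] - doc["start"]).total_seconds() * 1000)


def transaction_stats(events: list, txn_field: str = "txn") -> dict:
    """Fold raw log events into one entity-centric document per transaction.

    Equivalent to Splunk's transaction command: start/end are the earliest and
    latest event, duration_ms the difference, eventcount the number of events.
    'indices' records which daily log indices contributed, which is what lets
    you notice transactions that straddle an index boundary.
    """
    docs = {}
    for ev in events:
        txn = ev[txn_field]
        ts = parse_ts(ev["@timestamp"])
        doc = docs.get(txn)
        if doc is None:
            docs[txn] = {"start": ts, "end": ts, "eventcount": 1, "indices": {ev["_index"]}}
        else:
            doc["start"] = min(doc["start"], ts)
            doc["end"] = max(doc["end"], ts)
            doc["eventcount"] += 1
            doc["indices"].add(ev["_index"])
    for doc in docs.values():
        doc["duration_ms"] = _duration_ms(doc)
    return docs


def merge_entity_doc(existing: dict, incoming: dict) -> dict:
    """Upsert logic for the ancillary entity index.

    When a new batch of log events (for example, the next day's index) yields a
    partial document for a transaction that is already stored, merge with
    min/max/sum/union instead of overwriting; overwriting would silently reset
    the start time and event count of any transaction spanning the boundary.
    Each batch must be applied exactly once, or eventcount is double counted.
    """
    if existing is None:
        return dict(incoming, indices=set(incoming["indices"]))
    merged = {
        "start": min(existing["start"], incoming["start"]),
        "end": max(existing["end"], incoming["end"]),
        "eventcount": existing["eventcount"] + incoming["eventcount"],
        "indices": set(existing["indices"]) | set(incoming["indices"]),
    }
    merged["duration_ms"] = _duration_ms(merged)
    return merged


def duration_agg_body(txn_field: str = "txn.keyword") -> dict:
    """Ad-hoc alternative: an Elasticsearch search body that computes the same
    numbers per transaction inside one query. Each terms bucket's doc_count is
    the eventcount; min/max on a date field return epoch millis, so the
    bucket_script difference is the duration in milliseconds."""
    return {
        "size": 0,
        "aggs": {
            "per_txn": {
                "terms": {"field": txn_field, "size": 1000},
                "aggs": {
                    "start": {"min": {"field": "@timestamp"}},
                    "end": {"max": {"field": "@timestamp"}},
                    "duration_ms": {
                        "bucket_script": {
                            "buckets_path": {"s": "start", "e": "end"},
                            "script": "params.e - params.s",
                        }
                    },
                },
            }
        },
    }


if __name__ == "__main__":
    # Simulate two ingest runs, one per daily index, then merge them.
    by_day = {}
    for ev in SAMPLE_EVENTS:
        by_day.setdefault(ev["_index"], []).append(ev)
    entity_index = {}
    for day in sorted(by_day):
        for txn, partial in transaction_stats(by_day[day]).items():
            entity_index[txn] = merge_entity_doc(entity_index.get(txn), partial)
    for txn, doc in sorted(entity_index.items()):
        print(txn, doc["duration_ms"], doc["eventcount"], sorted(doc["indices"]))
```

The terms-aggregation body works when the transactions of interest fit within one query window, but it must collect a bucket per transaction id, so on a high-cardinality id field it becomes expensive and its `size` caps the result; the per-transaction fold plus merge-on-upsert is the entity-centric pattern from the video, and the merge step is exactly what has to be right when the entity index is itself split by time.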