{"id":25455,"date":"2020-11-20T20:07:06","date_gmt":"2020-11-20T20:07:06","guid":{"rendered":"https:\/\/merikebi.warrenmyers.com\/?p=25455"},"modified":"2020-11-20T20:07:06","modified_gmt":"2020-11-20T20:07:06","slug":"answer-by-warren-for-avoid-using-transaction-in-splunk-queries","status":"publish","type":"post","link":"https:\/\/merikebi.warrenmyers.com\/?p=25455","title":{"rendered":"Answer by warren for Avoid using Transaction in splunk queries"},"content":{"rendered":"

Typically<\/em>, stats<\/code><\/a> will be found to be your friend here<\/p>\n

However, without seeing sample data or what actual<\/em> SPL you have tried so far, any answer is mostly going to be speculation \ud83d\ude42<\/p>\n

I’ll happily update this answer if\/when you provide such, but here’s a possible start:<\/p>\n

(index=ndxA sourcetype=srctpA "search log 1" r=*) OR (index=ndxB sourcetype=srctpB "search log 2" r=*)\n| stats min(_time) as begintime max(_time) as endtime values(index) as rindex values(sourcetype) a rsourcetype by r\n| eval begintime=strftime(begintime,"%c"), endtime=strftime(endtime,"%c")\n<\/code><\/pre>\n
from User warren – Stack Overflow https:\/\/stackoverflow.com\/questions\/64900813\/avoid-using-transaction-in-splunk-queries\/64936101#64936101
\nvia IFTTT<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Typically, stats will be found to be your friend here However, without seeing sample data or what actual SPL you have tried so far, any answer is mostly going to be speculation \ud83d\ude42 I’ll happily update this answer if\/when you provide such, but here’s a possible start: (index=ndxA sourcetype=srctpA "search log 1" r=*) OR (index=ndxB …
Continue reading Answer by warren for Avoid using Transaction in splunk queries<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4],"tags":[991],"keyring_services":[],"class_list":["post-25455","post","type-post","status-publish","format-standard","hentry","category-blih","tag-stackexchange"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/merikebi.warrenmyers.com\/index.php?rest_route=\/wp\/v2\/posts\/25455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/merikebi.warrenmyers.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/merikebi.warrenmyers.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/merikebi.warrenmyers.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/merikebi.warrenmyers.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=25455"}],"version-history":[{"count":1,"href":"https:\/\/merikebi.warrenmyers.com\/index.php?rest_route=\/wp\/v2\/posts\/25455\/revisions"}],"predecessor-version":[{"id":25456,"href":"https:\/\/merikebi.warrenmyers.com\/index.php?rest_route=\/wp\/v2\/posts\/25455\/revisions\/25456"}],"wp:attachment":[{"href":"https:\/\/merikebi.warrenmyers.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=25455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/merikebi.warrenmyers.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=25455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/merikebi.warrenmyers.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=25455"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/merikebi.warrenmyers.com\/index.php?rest_route=%2Fwp%2Fv2%2Fkeyring_services&post=25455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}