Refine your search:

Transaction missing fields

1

I have a search defining a Transaction across (2) different log files. The problem is that some fields (not all) are missing in the results when using the transaction command. When I search for the events in the individual logs, the fields are present. Any ideas? These are all FIELD=VALUE.

asked 26 Jan '11, 17:16

ericrobinson's gravatar image

ericrobinson
1712114
accept rate: 0%

Are they still missing if you use |fields and specify that field? (I'd guess yes, but don't know.)

(27 Jan '11, 07:11) jrodman ♦

I am noticing this problem too. When I search for the first event in my transaction, I see 100% of them with the dest field. When I transact them together with a few nearby log entries that do not have dest fields, ... SOME transactions have dest, some do not.

(24 Mar '11, 16:00) Jason
Be the first one to answer this question!
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×176

Asked: 26 Jan '11, 17:16

Seen: 563 times

Last updated: 26 Jan '11, 17:16

Related questions

Operations on Transaction Fields

Unexpected Transaction Grouping

Transaction failures

Relating 2 different fields within a transaction

Maximum number of fields that can be displayed?

Transaction Search Using different fields across multiple logs

transaction and conditional logic

Help with transaction search

Copyright © 2005-2012 Splunk Inc. All rights reserved.