I am doing the labs for Fundamentals Part 2 and I am not understanding something. I have to use the startswith and endswith options of the transaction command to display transactions that begin with an addtocart action and end with a purchase action. The end result should look like this.

The successful query for that is:

index=web sourcetype=access_combined
| transaction clientip startswith=action="addtocart" endswith=action="purchase"
| table clientip, JSESSIONID, product_name, action, duration, eventcount, price

However, when I try the following query:

index=web sourcetype=access_combined
| transaction clientip startswith="addtocart" endswith="purchase"
| table clientip, JSESSIONID, product_name, action, duration, eventcount, price

the output (shown below) I get is not correct.

I am interested to know why omitting the "action" filter with startswith and endswith gives me a different result and doesn't group them anymore?

Thank you in advance for your help.