SPLK-1002 Exam QuestionsBrowse all questions from this exam
Go to Exam

SPLK-1002 Exam - Question 20

When should transaction be used?

Show Answer
Correct Answer: C

The transaction command in Splunk is used when event grouping is based on start/end values. This is especially useful in scenarios where you need to see events correlated together over a duration or session that spans multiple events. For example, tracking a user session on a website from the start (login) to the end (logout) would require grouping these events based on their start and end values.

Discussion

23 comments
Sign in to comment
oksey
Aug 31, 2020

When event grouping is based on start/end values.

sid2051
Sep 12, 2020

C is correct answer .

Sandy_1988
Nov 3, 2020

C is the correct ans.

Glat
Dec 16, 2020

Answer is C. See P135 of F2

huu_nguyenOption: C
Jan 25, 2022

Answer is C

Lalithadevi
Apr 4, 2021

C Is correct. See Page 134 F2

yuyulinOption: C
Dec 16, 2021

C is correct answer .

jackvn6
Sep 26, 2022

Only C NOT B

hawxxx
Jul 15, 2023

C is the answer Page 135. Use transaction when you - Need to see events correlated together - Must define event grouping based on start/end values or segment on time

teems5uk
Sep 19, 2021

C is the correct answer. Fun2(page 135) • Only use transaction when you: – Need to see events correlated together – Must define event grouping based on start/end values or segment on time

fsanchezsOption: C
Apr 25, 2022

C is the correct

gibla1929Option: C
Apr 29, 2022

answer is C

NightSharkOption: C
Jun 10, 2022

Definately C

MxQ3
Jun 24, 2022

C is correct answer. ONLY use transaction when you - Need to see events correlated together OR - Must define event grouping based on start/end values or segment on time

Jack__Option: C
Jul 18, 2022

| Search is more appropriate for B.

emergency_goudaOption: C
Jul 24, 2022

B would be for stats. Answer is obviously C.

Dree_DoggOption: C
Aug 16, 2023

C is correct answer

kruasanOption: C
Sep 6, 2023

The transaction command is most useful in two specific cases: When a unique ID (from one or more fields) alone is not sufficient to discriminate between two transactions. This is the case when the identifier is reused, for example web sessions identified by cookie or client IP2. When event grouping is based on start/end values

gatundu_
Jan 8, 2024

Correct answer is C. Transactions are events that span time hence the Start/ End values

tineboy46
Feb 9, 2024

C Is the correct answer

varmaTrainerOption: C
May 3, 2024

Only use "transaction" when you- Need to see events correlated together, - Must define event grouping based on start/end values or segment on time.

47e09fb
Jul 4, 2024

wow. will this exam be updated for correct answers? it's C!

voiddraco
Sep 9, 2024

did you pass?

KenNudho
Aug 21, 2024

Answer is C, B can be done with the more efficient stats command.