When should transaction be used?
When should transaction be used?
The transaction command in Splunk is used when event grouping is based on start/end values. This is especially useful in scenarios where you need to see events correlated together over a duration or session that spans multiple events. For example, tracking a user session on a website from the start (login) to the end (logout) would require grouping these events based on their start and end values.
When event grouping is based on start/end values.
C is correct answer .
Answer is C
C is the answer Page 135. Use transaction when you - Need to see events correlated together - Must define event grouping based on start/end values or segment on time
Only C NOT B
The transaction command is most useful in two specific cases: When a unique ID (from one or more fields) alone is not sufficient to discriminate between two transactions. This is the case when the identifier is reused, for example web sessions identified by cookie or client IP2. When event grouping is based on start/end values
C is correct answer
B would be for stats. Answer is obviously C.
| Search is more appropriate for B.
C is correct answer. ONLY use transaction when you - Need to see events correlated together OR - Must define event grouping based on start/end values or segment on time
Definately C
answer is C
C is the correct
wow. will this exam be updated for correct answers? it's C!
Only use "transaction" when you- Need to see events correlated together, - Must define event grouping based on start/end values or segment on time.
C Is the correct answer
Correct answer is C. Transactions are events that span time hence the Start/ End values