Cyber Chasse- Transaction Command

Transaction Command

  • A transaction type is a transaction configured in advance: its options are saved as a named stanza in transactiontypes.conf and applied by naming that stanza in the transaction command.
  • A transaction is any group of conceptually related events that spans time, for example the chain of events that make up a firewall intrusion incident, or the steps of one user's session.
  • The events of a transaction can come from one data source or from many, and are typically spread over numerous log entries.
  • The transaction command finds transactions based on events that meet various constraints: matching values of the grouping fields, a maximum time span, a maximum pause between events, a maximum event count, or strings that mark the first and last event.
  • Each transaction is built from the raw text of every member (the _raw field), the date and time fields of the earliest member, and the union of all other fields of each member (a field whose value differs across members becomes multivalued).
  • The command also adds two fields, duration and eventcount, to the resulting meta-event.
  • duration is the difference between the timestamps of the transaction's first and last events.
  • eventcount is the number of events in the transaction.
  • A transaction search is useful when a single physical event is spread across several logged events and you need to see it as one.
  • On the command line you can either define a transaction from scratch or override options of a transaction type defined in transactiontypes.conf.
  • In practice transaction is mostly used to group several related events into one meta-event that represents a single physical event.
  • Filter the events before the command, as early in the search as possible, so that transaction has fewer events to hold in memory; the command is resource-intensive, and when you only need to group by a field value with no ordering constraints, stats is usually faster.
Example:  
 
1. Transactions with the Same Type
Running the transaction command on the "Type" field groups the events into transactions by the value of "Type": every event that shares a Type value and falls within the default time constraints lands in the same transaction. The command adds the fields duration and eventcount to each transaction automatically.
2. Transaction Command with maxevents
With the option maxevents=10 the command strictly limits each transaction to at most 10 events; when the limit is reached the transaction is closed, and any further matching events start a new one.
3. Calculate the duration from an event's "startswith" and "endswith"
The events of interest begin with the string "Start collecting" and end with "End collecting". Using startswith="Start collecting" and endswith="End collecting" creates a transaction whose first event contains the start string and whose last event contains the end string. Here too the transaction command creates the fields duration and eventcount, and duration is now the time from the start marker to the end marker.
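To make the behaviour described in the bullets and in the three examples concrete, here is an added Python model of the transaction command. It is not code from the original page and not how Splunk implements the command internally; it is a simplified model of the documented semantics (grouping by field values, startswith/endswith markers, maxevents, the duration and eventcount fields, and the union of member fields). The log lines are constructed for the example, and events are walked in chronological order, one open transaction per distinct combination of grouping-field values.

```python
import shlex
from datetime import datetime
from typing import Dict, List, Optional, Sequence

# Constructed sample log (not from the original page). One event per line:
# an ISO timestamp followed by key=value pairs, already in chronological order.
SAMPLE_LOG = """\
2024-03-01T10:00:00 Type=A msg="Start collecting" host=web1
2024-03-01T10:00:05 Type=A msg="reading batch 1" host=web1
2024-03-01T10:00:09 Type=B msg="Start collecting" host=web2
2024-03-01T10:00:12 Type=A msg="End collecting" host=web1
2024-03-01T10:00:20 Type=B msg="End collecting" host=web2
2024-03-01T10:00:30 Type=A msg="Start collecting" host=web1
2024-03-01T10:00:31 Type=A msg="reading batch 2" host=web1
"""


def parse_events(log: str) -> List[dict]:
    """Turn raw lines into Splunk-style events: _time, _raw and extracted fields."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, rest = line.split(" ", 1)
        fields = {}
        for token in shlex.split(rest):  # honours the quotes around msg="..."
            key, _, value = token.partition("=")
            fields[key] = value
        events.append({"_time": datetime.fromisoformat(ts), "_raw": line, **fields})
    return events


def _build(members: List[dict]) -> dict:
    """Collapse the member events into one meta-event as the page describes."""
    members = sorted(members, key=lambda e: e["_time"])
    first, last = members[0], members[-1]
    tx = {
        "_time": first["_time"],                        # time of the earliest member
        "_raw": "\n".join(e["_raw"] for e in members),  # raw text of every member
        "duration": (last["_time"] - first["_time"]).total_seconds(),
        "eventcount": len(members),
    }
    # Union of all other fields; a field whose value differs becomes multivalued.
    for e in members:
        for k, v in e.items():
            if k in ("_time", "_raw"):
                continue
            vals = tx.setdefault(k, [])
            if v not in vals:
                vals.append(v)
    for k in list(tx):
        if isinstance(tx[k], list) and len(tx[k]) == 1:
            tx[k] = tx[k][0]
    return tx


def transaction(events: List[dict], fields: Sequence[str] = (),
                startswith: Optional[str] = None, endswith: Optional[str] = None,
                maxevents: Optional[int] = None) -> List[dict]:
    """Simplified model of `| transaction <fields> startswith=.. endswith=.. maxevents=N`."""
    open_tx: Dict[tuple, List[dict]] = {}
    done: List[dict] = []

    def close(key: tuple) -> None:
        if key in open_tx:
            done.append(_build(open_tx.pop(key)))

    for e in sorted(events, key=lambda ev: ev["_time"]):
        key = tuple(e.get(f) for f in fields)       # one transaction per key
        if startswith and startswith in e["_raw"]:
            close(key)                               # a new start ends the previous one
        open_tx.setdefault(key, []).append(e)
        if endswith and endswith in e["_raw"]:
            close(key)                               # end marker closes the transaction
        elif maxevents and len(open_tx[key]) >= maxevents:
            close(key)                               # hard cap: emitted as-is, rest start anew
    for key in list(open_tx):
        close(key)                                   # still open when the search ends
    return sorted(done, key=lambda t: t["_time"])


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("1. transaction Type")
    for t in transaction(evs, fields=("Type",)):
        print("  ", t["Type"], t["eventcount"], t["duration"])
    print("2. transaction Type maxevents=2")
    for t in transaction(evs, fields=("Type",), maxevents=2):
        print("  ", t["Type"], t["eventcount"], t["duration"])
    print('3. transaction Type startswith="Start collecting" endswith="End collecting"')
    for t in transaction(evs, fields=("Type",), startswith="Start collecting",
                         endswith="End collecting"):
        print("  ", t["Type"], t["eventcount"], t["duration"], t["msg"])
```

Two things the model makes visible that the screenshots cannot. First, grouping by Type alone (example 1) lumps all five Type=A events into one transaction of 31 seconds, while adding the start and end markers (example 3) splits them into two collection runs of 12 and 1 seconds, and the merged msg field of the first run lists all three member messages. Second, dropping the grouping field while keeping startswith/endswith interleaves the Type=A and Type=B markers into one stream and produces wrong pairings (a lone "End collecting" becomes its own transaction), which is why the markers should normally be combined with a field that identifies the session or host. In Splunk itself the equivalent searches are `| transaction Type`, `| transaction Type maxevents=10` and `| transaction Type startswith="Start collecting" endswith="End collecting"`.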


Feel free to leave your comments and queries in the comment box below, and for more interesting topics follow us on social media. Happy Splunking! 😉