![]() ![]() Required arguments duration Syntax: duration= Description: A field that represents a span of time. This command does not measure the total number of events that a particular event overlapped with during its total span. Alternatively, this measurement represents the total number of events in progress at the time that each particular event started, including the event itself. Read the stats command reference for more information about using the search command.Concurrency measures the number of events which have spans that overlap with the start of each event. Sourcetype=access_combined | stats dc(cookie) as sessions by clientip | sort -sessions Sourcetype=access_combined | stats count by clientip | sort -countĪlso, if you wanted to compute the number of distinct session (parameterized by cookie) per clientip in an access log: Similarly, if you wanted to compute the number of hits per clientip in an access log: * | stats min(_time) AS earliest max(_time) AS latest by session_id | eval duration=latest-earliest | stats min(duration) max(duration) avg(duration) median(duration) perc95(duration) If you want to compute aggregate statistics over transactions that are defined by data in a single field, use the stats command.įor example, if you wanted to compute the statistics of the duration of a transaction defined by the field session_id: Transactions aren't the most efficient method to compute aggregate statistics on transactional data. When to use stats instead of transactions To learn more about configuring transaction types, read "Configure transaction types," in this manual. To learn more about searching with transaction, read "Identify and group events into transactions" in the Search Manual.Īfter you create a transaction search that you find worthy of repeated reuse, you can make it persistable by adding it to nf as a transaction type. You can also use the transaction command to override transaction options that you have configured in nf. Study the transaction command topic to get the full list of available options for the command. Design a transaction that finds event groups where the final event contains a specific text string (set with the endswith option).Find groups of related events where the total number of events does not exceed a specific number (set with the maxevents option).Find groups of events where the span of time between included events does not exceed a specific value (set with the maxpause option). ![]() Find groups of events where the first and last events are separated by a span of time that does not exceed a certain amount (set with the maxspan option).See the documentation of the command in the Search Reference for a variety of examples that show you how you can: Use the transaction command and its options to define a search that returns transactions (groups of events). Other kinds of transactions include web access, application server downloads, emails, security violations, and system failures.Ī transaction search enables you to identify transaction events that each stretch over multiple logged events. If you were to define it as a transaction type you might call it an "item purchase" transaction. a purchase fulfillment event logged by the fulfillment application, which also includes the shipping status of the item that the customer purchased.Īll of the events highlighted here, when grouped together, represent a single user transaction. a message queue event, which contains a message ID. The transaction ID in that application server event also appears in. a corresponding event in the application server log, which also contains related account, product, and transaction IDs. A set of web access events share a session ID with.Similar events from different hosts and different sources.įor example, a customer purchase in an online store could generate a transaction that ties together events from several sources:.Different events from different sources from the same host.Different events from the same source and the same host.A transaction type is a transaction that has been configured in nf and saved as a field. A transaction is a group of conceptually-related events that spans time. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |