Exam4Training

What do events in a transaction have In common?

What do events in a transaction have In common?
A . All events In a transaction must have the same timestamp.
B . All events in a transaction must have the same sourcetype.
C . All events in a transaction must have the exact same set of fields.
D . All events in a transaction must be related by one or more fields.

Answer: D

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Abouttransactions

A transaction is a group of events that share some common characteristics, such as fields, time, or both. A transaction can be created by using the transaction command or by defining an event type with transactiontype=true in props.conf. Events in a transaction have one or more fields in common that relate them to each other. For example, you can create a transaction based on JSESSIONID, which is a unique identifier for each user session in web logs. Events in a transaction do not have to have the same timestamp, sourcetype, or exact same set of fields. They only have to share one or more fields that define the transaction.

Exit mobile version