- Splunk Operational Intelligence Cookbook
- Josh Diakun Paul R Johnson Derek Mock
- 47字
- 2025-04-04 16:53:03
How it works...
Let's break down the search piece by piece:
The transaction command is an extremely resource-intensive (CPU/memory) search command. When using this command, be sure to use the maxspan function where possible, as this helps focus on transactions grouped only within the specified maxspan timeframe.