{"id":800,"date":"2013-02-21T02:06:22","date_gmt":"2013-02-21T02:06:22","guid":{"rendered":"https:\/\/cowman-chiang.no-ip.org\/wordpress\/?p=800"},"modified":"2019-06-20T10:26:12","modified_gmt":"2019-06-20T02:26:12","slug":"splunk-transaction-%e6%9f%a5%e8%a9%a2%e4%b8%80%e6%ae%b5%e7%9b%b8%e8%bf%91%e6%99%82%e9%96%93%e4%b9%8b%e7%b4%af%e7%a9%8d%e8%b3%87%e8%a8%8a","status":"publish","type":"post","link":"https:\/\/cowmanchiang.me\/wp\/?p=800","title":{"rendered":"Splunk – Transaction \u67e5\u8a62\u4e00\u6bb5\u76f8\u8fd1\u6642\u9593\u4e4b\u7d2f\u7a4d\u8cc7\u8a0a"},"content":{"rendered":"

sourcetype=”\u4f86\u6e90\u578b\u614b” | rex “(?i) .? User (?P<pop3_failed_id>[^<\/em>.]+) login failed.” | search pop3_failed_id=”<\/em>” | transaction \u5224\u65b7\u8cc7\u8a0a<\/span> maxevents=2000 keepevicted=true | concurrency duration=duration | eval duration=tostring(duration,”duration”)<\/p>\n

\u539f\u7406\u6709\u9ede\u50cf\u662f\u5c07\u6240\u6709\u4e8b\u4ef6\u8dd1\u904e\u4e00\u6b21\uff0c\u7136\u5f8c\u628a\u76f8\u8fd1\u6642\u9593\u7684\u5224\u65b7\u8cc7\u8a0a\u653e\u5728\u540c\u4e00\u7b46\u4e8b\u4ef6\u4e2d
\n\u4e00\u822c\u9810\u8a2d\u55ae\u7b46\u4e8b\u4ef6\u50c5\u986f\u793a500\u7b46\u8cc7\u8a0a
\n\u4f46\u662f\u6709\u6642\u5019\u53ef\u80fd\u6703\u662f\u597d\u5e7e\u842c\u7b46\u8cc7\u8a0a\u5c31\u6703\u88ab\u62c6\u6210\u597d\u5e7e\u7b46\u4e8b\u4ef6\uff0c\u5c07\u9020\u6210\u4e8b\u4ef6\u6578\u5b57\u5224\u8b80\u4e0a\u7684\u4e0d\u4fbf
\n\u56e0\u6b64\u53ef\u4ee5\u9032\u884c\u4e0b\u9762\u7684\u52d5\u4f5c<\/p>\n

    \n
  1. \u5c07<\/li>\n<\/ol>\n
    \/opt\/splunk\/etc\/apps\/search\/default\/data\/ui\/views\/flashtimeline.xml<\/pre>\n
    \u6a94\u6848\u8907\u88fd\u5230<\/p>\n
    \/opt\/splunk\/etc\/apps\/search\/local\/data\/ui\/views\/flashtimeline.xml<\/pre>\n
      \n
    1. \u7de8\u8f2f<\/li>\n<\/ol>\n
      \/opt\/splunk\/etc\/apps\/search\/local\/data\/ui\/views\/flashtimeline.xml<\/pre>\n
      \u641c\u5c0b<\/p>\n
      <\/pre>\n
      \u5728\u4e0b\u9762\u63d2\u5165<\/p>\n
      \u6578\u5b57<\/param><\/pre>\n
      \u6703\u8b8a\u6210<\/p>\n
      \n\n        \n        \u6578\u5b57<\/param>\n\n        full<\/param>\n\n        report_builder_format_report<\/param>\n\n<\/module>\n<\/pre>\n
      \u539f\u5ee0\u5efa\u8b70\u6578\u5b57\u4e0d\u8981\u8d85\u904e1000\uff0c\u4ee5\u514d\u9020\u6210\u7cfb\u7d71\u8ca0\u64d4\u904e\u91cd\uff0c\u4f46\u5be6\u969b\u9084\u662f\u8acb\u8996\u9700\u8981\u8abf\u6574<\/p>\n
        \n
      1. \u91cd\u65b0\u555f\u52d5Splunk<\/li>\n<\/ol>\n
        \u9019\u6a23\u61c9\u8a72\u5c31\u53ef\u4ee5\u628a\u5f88\u591a\u7b46\u8cc7\u8a0a\u585e\u5230\u4e00\u7b46\u4e8b\u4ef6\u4e2d\u4e86<\/p>\n","protected":false},"excerpt":{"rendered":"
        sourcetype=”\u4f86\u6e90\u578b\u614b” | rex “(?i) .? User (?P<pop3_failed_id>[^.]+) login failed.” | search pop3_failed_id=”” | transaction \u5224\u65b7\u8cc7\u8a0a maxevents=2000 keepevicted=true | concurrency duration=duration | eval duration=tostring(duration,”duration”) \u539f\u7406\u6709\u9ede\u50cf\u662f\u5c07\u6240\u6709\u4e8b\u4ef6\u8dd1\u904e\u4e00\u6b21\uff0c\u7136\u5f8c\u628a\u76f8\u8fd1\u6642\u9593\u7684\u5224\u65b7\u8cc7\u8a0a\u653e\u5728\u540c\u4e00\u7b46\u4e8b\u4ef6\u4e2d \u4e00\u822c\u9810\u8a2d\u55ae\u7b46\u4e8b\u4ef6\u50c5\u986f\u793a500\u7b46\u8cc7\u8a0a \u4f46\u662f\u6709\u6642\u5019\u53ef\u80fd\u6703\u662f\u597d\u5e7e\u842c\u7b46\u8cc7\u8a0a\u5c31\u6703\u88ab\u62c6\u6210\u597d\u5e7e\u7b46\u4e8b\u4ef6\uff0c\u5c07\u9020\u6210\u4e8b\u4ef6\u6578\u5b57\u5224\u8b80\u4e0a\u7684\u4e0d\u4fbf \u56e0\u6b64\u53ef\u4ee5\u9032\u884c\u4e0b\u9762\u7684\u52d5\u4f5c \u5c07 \/opt\/splunk\/etc\/apps\/search\/default\/data\/ui\/views\/flashtimeline.xml \u6a94\u6848\u8907\u88fd\u5230 \/opt\/splunk\/etc\/apps\/search\/local\/data\/ui\/views\/flashtimeline.xml \u7de8\u8f2f \/opt\/splunk\/etc\/apps\/search\/local\/data\/ui\/views\/flashtimeline.xml \u641c\u5c0b \u5728\u4e0b\u9762\u63d2\u5165 \u6578\u5b57 \u6703\u8b8a\u6210 \u6578\u5b57 full report_builder_format_report … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[77],"tags":[],"class_list":["post-800","post","type-post","status-publish","format-standard","hentry","category-splunk"],"_links":{"self":[{"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/posts\/800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=800"}],"version-history":[{"count":1,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/posts\/800\/revisions"}],"predecessor-version":[{"id":2093,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/posts\/800\/revisions\/2093"}],"wp:attachment":[{"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=800"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}