Database Reference
In-Depth Information
The grouping command
There is only one grouping command that we describe in the following table, although
there are others. It is an important one, as it allows you to group selected events together
(note that grouping can also be done through the stats command):
Command
What it Does
A transaction takes selected events and groups them together.
transaction ipaddress host maxspan=60s
transaction
groups together all events with the same combination of
ipaddress
and
host
, where the first and last
event are no more than
60
seconds apart.
