To identify all of the contributing events within a transaction that contains at least one REJECT event, which syntax is correct?
Index-main | REJECT trans sessionid
Index-main | transaction sessionid | search REJECT
Index=main | transaction sessionid | whose transaction=reject
Index=main | transaction sessionid | where transaction=reject’’
Submit