- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Is it possible to use the xmlutils app to xml pret...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a case where log file include an straight text header in front of well form xml.
Here is an exmple:
2017-09-05T13:14:02.869Z, ap=695449, xml="well formed xml"
The Bold is the straight text in front of the XML.
Is it possible to use xmlutils to xml pretty print just a single field? Perhaps as a function?
One problem is exporting data, but keeping the time stamp and ap field.
I have been trying to work around this by incorporating the time stamp into a larger xml piece and am near to having that working, but I come up with data that web xml validators like, but that still blow up pretty print.
Doing the xml print on just a field is likely the best solution, if someone can help.
Using Splunk 6.5. xmlutils seems to have installed and be working okay.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It does just pretty print one field, either the field "xml" or the field "_raw", in that order.
So, if you did something like:
query... | table _time ap xml | xmlprettyprint
The field xml would be pretty printed.
Unfortunately, you can't see it in a table in Splunk, because all white space is collapsed in a table view. You'd need to put the table on a dashboard and add some css to preserve the whitespace. The whitespace should survive in an export, though.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It does just pretty print one field, either the field "xml" or the field "_raw", in that order.
So, if you did something like:
query... | table _time ap xml | xmlprettyprint
The field xml would be pretty printed.
Unfortunately, you can't see it in a table in Splunk, because all white space is collapsed in a table view. You'd need to put the table on a dashboard and add some css to preserve the whitespace. The whitespace should survive in an export, though.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks much! I am in process of trying this. I have a similar case with some JSONs. I also was able to get pretty printing via using fairly ugly sedcmds to turn the whole log into a single XML expression.
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
