Dashboards & Visualizations

How do I extract field values from XML logs?

aruotolo
New Member

Hi,

I have log files containing text and XML. I need to extract all fields from the XML rows.

alt text

I tried using

Props.conf:

TRUNCATE = 0
NO_BINARY_CHECK = 1
pulldown_type = 1
KV_MODE = xml
TRANSFORMS = itepm339-xml

And transforms.conf

REGEX = \<(\w+[^\n\/\>]+)\/?\>([^\<\n][^\<]*)\<
FORMAT = $1::$2

It works, but extracts only the first couple field-value from XML:

alt text

Please can you help me to understand what i am missing?

Tags (2)
0 Karma

nswondem
Path Finder

Hello aruotolo,

Please refer to a previously answered question at https://answers.splunk.com/answers/587570/index-time-field-extraction-for-xml-data-1.html

Thanks
nswondem

0 Karma

aruotolo
New Member

Hi @Nswondem

but the page of your link doesn't exist error 404.

Alfredo

0 Karma

mstjohn_splunk
Splunk Employee
Splunk Employee

hi @nswondem,

there was just a typo in that link. I've removed it, and now you should be able to click it. Hopefully it helps you with your query! Let us know.

Thanks for posting!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...