Getting Data In

No data displayed when extract fields from xml data in a log file using xpath

3618475
Engager

I am using Splunk to extract a number of fields from xml data this is contained in a log file.
The file is very large. This is part of it.

 xmlns:ns2="http://ground.fedex.com/schemas/linehaul/TMSCommon">
   PURCHASEDLINEHAUL
   APPROVE
   116029927
   104257037
   104257037
   1
   2020-02-20T21:53:39.000Z
.... more lines here that are not important


         1587040
         FXTR
         DRAY
         RULE
         PZ1

            923
            RLTO
            330 RESOURCE DRIVE
            LH PHONE 877-851-3543
            true

This query selects the xml part text in the logging file and some of the fields are extracted and I can add to a table. (not including the source and sourcetype..)

| xmlkv | table purchCostReference, eventType, carrier, billingMethod

But need more fields that are child elements within the xml data. One of them is the numberCode. I am trying to use xpath to extract these additional fields.

| xmlkv | xpath
"//tmsTrip/purchasedCost/purchasedCostTripSegment/origin/ns2:numberCode"

outfield=Origin | table
purchCostReference, eventType,
carrier, billingMethod, Origin

But no Origin data is returned when I add the field to the table. There is no error. The Origin column is empty.
What am I doing wrong with the xpath command that it is not showing any data?

0 Karma

to4kawa
Ultra Champion
...
| xmlkv | spath path="tmsTrip.purchasedCost.purchasedCostTripSegment.origin.ns2:numberCode" output=Origin
| table purchCostReference, eventType,carrier, billingMethod, Origin
0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...