- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: how to visualize XML in SPLUNK
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how to visualize XML in SPLUNK
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
here is the sample xml i have.
Tove
Jani
Reminder1
Don't forget me this weekend!
Reminder2
Don't forget me that weekend!
Reminder3
Don't forget me last weekend!
can we show this in some simple diagram.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@rajgowd1
Whenever sharing any sample code on this site you have to highlight the entire block of code and click on the "Sample Code" button in the text editing tools for it to show properly. Your sample XML isn't showing properly. Please edit your comment
Also, as everyone else is saying, you need to be more specific when asking for help here on Splunk Answers. What type of visualization are you looking for? What data points are you trying to display? People can't help you with 1 sentence of information. Please provide more details.
I saw in one of your previous questions that you're new to Splunk. How new are you? What Splunk education have you done or what documentation have you read?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes I am new to splunk and just got trained 1 week back.and I am trying to explore and reading more.
Actually I have written a script to find the latest file which is modified recently and from the same script I am calling another script which gives you difference between new and old files.and then redirecting to sample text file.
So I am just trying is there a way to implement the same in splunk.
Sorry for the trouble if my question is wrong.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What do you mean by "visualize"? XML is a text format, so you can certainly input XML into Splunk. You can tell Splunk how to break up your file into events. And you can have Splunk extract the available fields. There are a bunch of ways to do these things, and once they are done, you can do any sort of reporting that you like.
As a starter, you can tell Splunk to do field extractions for your XML file by including the following in props.conf
[yoursourcetypehere]
KV_MODE=xml
There are a lot of other XML questions and answers on the forum. If you were to show a sample of the XML file, with a more specific question, the community could provide a lot more information.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please be more specific. Where is the "config XML file"? Is it already indexed in Splunk? What do you want the output to look like?
If this reply helps you, Karma would be appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sorry for the confusion.
my question is
is it possible to monitor the file on file SAVE.
and once the file is saved,is it possible to find the difference between old and new file.
and
finally i want to show the difference in XML format.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
