I am new to Splunk and have been messing with this for about a week, so I am looking to the community for help. I pretty much have multiple XML errors from which I am trying to extract the error code "VOSCM0000I", the severity "Info" and the message "Transaction successful" out of multiple lines over a duration. Top offender over a period of time.
Any thoughts?
<ResponseMessage>
<mes:StatusCode>1</mes:StatusCode>
<mes:BusinessMessage>
<mes:Code>VOSCM0000I</mes:Code>
<mes:Severity>Info</mes:Severity>
<mes:LocalizedMessage>Transaction successful</mes:LocalizedMessage>
</mes:BusinessMessage>
<mes:BusinessMessage>
<mes:Code>RENTAL003067</mes:Code>
<mes:Severity>Error</mes:Severity>
<mes:FieldName>ValidateTicketInput.ticket</mes:FieldName>
<mes:LocalizedMessage>Total renter charge amount for this ticket obtained from pricing and payment is not matching.</mes:LocalizedMessage>
</mes:BusinessMessage>
</ResponseMessage>
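The extraction asked about above, as an added Python example that is not part of the original post and is not Splunk's own code: it pulls the code, severity and message out of every `<mes:BusinessMessage>` block and ranks the triples over a time window. The timestamps, the shortened error text and all function names are assumptions made for the illustration.

```python
import re
from collections import Counter

# One <mes:BusinessMessage> block. The mes: prefix is matched as literal text
# because the logged fragment carries no xmlns:mes declaration, so a strict
# XML parser would reject it with an unbound-prefix error.
BLOCK = re.compile(r"<mes:BusinessMessage>(.*?)</mes:BusinessMessage>", re.S)

def field(block, tag):
    """Return the text of <mes:tag> inside one block, or None if absent."""
    m = re.search(rf"<mes:{tag}>(.*?)</mes:{tag}>", block, re.S)
    return m.group(1).strip() if m else None

def extract(event):
    """Yield (code, severity, message) for every BusinessMessage in an event."""
    for block in BLOCK.findall(event):
        yield (field(block, "Code"), field(block, "Severity"),
               field(block, "LocalizedMessage"))

def top_offenders(events, start, end, n=5):
    """Count triples over events whose ISO timestamp lies in [start, end)."""
    counts = Counter()
    for ts, raw in events:
        if start <= ts < end:
            counts.update(extract(raw))
    return counts.most_common(n)

def _msg(code, severity, text):
    """Build one constructed BusinessMessage block for the sample data."""
    return (f"<mes:BusinessMessage>\n<mes:Code>{code}</mes:Code>\n"
            f"<mes:Severity>{severity}</mes:Severity>\n"
            f"<mes:LocalizedMessage>{text}</mes:LocalizedMessage>\n"
            "</mes:BusinessMessage>\n")

OK = _msg("VOSCM0000I", "Info", "Transaction successful")
BAD = _msg("RENTAL003067", "Error", "Charge amounts do not match")  # constructed text

# Constructed sample: (ISO timestamp, raw event) pairs; timestamps are made up.
SAMPLE = [
    ("2024-01-01T10:00:00", f"<ResponseMessage>\n{OK}{BAD}</ResponseMessage>"),
    ("2024-01-01T10:05:00", f"<ResponseMessage>\n{OK}</ResponseMessage>"),
    ("2024-01-02T09:00:00", f"<ResponseMessage>\n{BAD}</ResponseMessage>"),
]

if __name__ == "__main__":
    for (code, sev, msg), n in top_offenders(SAMPLE, "2024-01-01", "2024-01-02"):
        print(n, code, sev, msg)
```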