Hello, I have a problem I could use some help with.
I need to extract data from a XML log file (entries are labelled ) in Splunk. I have to upload an XML log file, and it uploads as a text string. Here is the XML sample:
<LOG><ENTRY><VRIJEME>2010-08-12T10:38:26</VRIJEME><CC>9369175136276314</CC><IZNOS>6427.91</IZNOS></ENTRY><ENTRY><VRIJEME>1998-06-17T04:13:55</VRIJEME><CC>6675476885047681</CC><IZNOS>72452.87</IZNOS></ENTRY>......</LOG>
I use ISO time (YYYY-MM-DDTHH:MM:SS). This way Splunk automatically recognized the first timestamp in the string. I want to break the text in separate events so that Splunk can take the timestamp from each line.
I tried to add LINE_BREAKER = ([\r\n]*)<ENTRY> (this worked for the non-ISO time, where Splunk did not recognize the timestamp), but Splunk gets stuck at 100%.
Thanks! Cheers!
... View more