I'm new to Splunk and have just started using it. I want to monitor XML files in a directory. I have used summary indexing.
For some reason Splunk couldn't automatically extract those fields, hence I have used spath to extract fields like region and customerName.
The XML files have the structure below:
<Details>
  <Name>ABC</Name>
  <UniqueID>23872378</UniqueID>
  <Count>4</Count>
  <Location>
    <Region>Some Region</Region>
    <Country>Any Country</Country>
    <State>Any State in Country</State>
    <City>Any City in State</City>
  </Location>
</Details>
<Customers>
  <Customer Name="ABCD XYZ" Address="asdjasdjksj" Contact="2387387843" Email="someone@email.com">
    <Products>
      <Product ID="57" Name="Samsung Galaxy s6" Price="56000">
        <OS>
          <Name>Android</Name>
          <Version>5.0.1</Version>
        </OS>
        <InternalMemory>32GB</InternalMemory>
        <ExpandableMemory>128GB</ExpandableMemory>
      </Product>
    </Products>
    <Products>
      <Product ID="58" Name="Sony Xperia z4" Price="46000">
        <OS>
          <Name>Android</Name>
          <Version>5.0.1</Version>
        </OS>
        <InternalMemory>16GB</InternalMemory>
        <ExpandableMemory>64GB</ExpandableMemory>
      </Product>
    </Products>
  </Customer>
  <Customer Name="Xyz Pqrs" Address="adsfgfgrt" Contact="2387397843" Email="someone2@email.com">
    <Products>
      <Product ID="57" Name="Samsung Galaxy s5" Price="42000">
        <OS>
          <Name>Android</Name>
          <Version>5.0</Version>
        </OS>
        <InternalMemory>32GB</InternalMemory>
        <ExpandableMemory>128GB</ExpandableMemory>
      </Product>
    </Products>
    <Products>
      <Product ID="58" Name="LG G3" Price="46000">
        <OS>
          <Name>Android</Name>
          <Version>5.0.1</Version>
        </OS>
        <InternalMemory>16GB</InternalMemory>
        <ExpandableMemory>64GB</ExpandableMemory>
      </Product>
    </Products>
  </Customer>
</Customers>
<Customers>
...
</Customers>
And so on.
Splunk searches I want to achieve:
1. List of products sold (Product Name) with count by Region.
2. Customer-wise products purchased.
I didn't use rex, just Splunk searches.
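The two aggregations asked for above, worked in plain Python against the same file shape (an added example, not part of the original post or any Splunk documentation). It shows what a search has to keep together: the Region sits in the top-level `Details` element while purchases sit under `Customers/Customer/Products/Product`, and the customer-to-product link is positional nesting, so flattening everything into independent multivalue fields loses which customer bought which product. The sample files below are constructed from the structure in the post; customer and product names beyond those in the post are invented for the example.

```python
"""Parse the poster's XML file shape and compute:
  1. product name count by region
  2. products purchased per customer
Added example; the input files are constructed to match the post's structure."""
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed sample file 1: same shape as the post, trimmed to the fields
# the two searches need. A file has several top-level elements (Details,
# then one or more Customers), so it is not one well-formed XML document.
FILE_ONE = """
<Details>
  <Name>ABC</Name>
  <UniqueID>23872378</UniqueID>
  <Location><Region>Some Region</Region><Country>Any Country</Country></Location>
</Details>
<Customers>
  <Customer Name="ABCD XYZ" Email="someone@email.com">
    <Products><Product ID="57" Name="Samsung Galaxy s6" Price="56000"/></Products>
    <Products><Product ID="58" Name="Sony Xperia z4" Price="46000"/></Products>
  </Customer>
  <Customer Name="Xyz Pqrs" Email="someone2@email.com">
    <Products><Product ID="57" Name="Samsung Galaxy s5" Price="42000"/></Products>
    <Products><Product ID="58" Name="LG G3" Price="46000"/></Products>
  </Customer>
</Customers>
<Customers>
  <Customer Name="Third Person" Email="someone3@email.com">
    <Products><Product ID="58" Name="LG G3" Price="46000"/></Products>
  </Customer>
</Customers>
"""

# Constructed sample file 2: a different region, to show the region grouping.
FILE_TWO = """
<Details>
  <Name>DEF</Name>
  <UniqueID>23872379</UniqueID>
  <Location><Region>Other Region</Region><Country>Any Country</Country></Location>
</Details>
<Customers>
  <Customer Name="Fourth Person" Email="someone4@email.com">
    <Products><Product ID="58" Name="LG G3" Price="46000"/></Products>
  </Customer>
</Customers>
"""


def parse_file(text):
    """Return (region, [(customer_name, product_name), ...]) for one file.

    The file has multiple root elements, so wrap it in a synthetic root
    before parsing. Files picked up from a monitored directory are untrusted
    input; the stdlib parser does not fetch external entities, but if the
    files come from outside your control prefer defusedxml to limit entity
    expansion attacks.
    """
    root = ET.fromstring("<root>" + text + "</root>")
    region = root.findtext("Details/Location/Region")
    pairs = []
    # Walk Customer -> Products -> Product so the customer/product pairing
    # is preserved; a flat multivalue extraction would not keep it.
    for customer in root.iterfind("Customers/Customer"):
        for product in customer.iterfind("Products/Product"):
            pairs.append((customer.get("Name"), product.get("Name")))
    return region, pairs


def products_by_region(files):
    """Search 1: count of each product name, grouped by region."""
    counts = Counter()
    for text in files:
        region, pairs = parse_file(text)
        for _customer, product in pairs:
            counts[(region, product)] += 1
    return counts


def products_by_customer(files):
    """Search 2: list of product names purchased, per customer name."""
    bought = defaultdict(list)
    for text in files:
        _region, pairs = parse_file(text)
        for customer, product in pairs:
            bought[customer].append(product)
    return dict(bought)


if __name__ == "__main__":
    for (region, product), n in sorted(products_by_region([FILE_ONE, FILE_TWO]).items()):
        print(f"{region:13} {product:20} {n}")
    for customer, products in products_by_customer([FILE_ONE, FILE_TWO]).items():
        print(f"{customer:14} {', '.join(products)}")
```

The same pairing concern applies in Splunk: if `Customer` and `Product` end up as separate multivalue fields on one event, a `stats count by customerName, product` over them will cross-join rather than pair them, so the events need to be split (or the nested path expanded) at the `Customer` level before aggregating.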