I trying to split the xml data while pushing into splunk. I had a tough time working on this as this a combination of XML and CSV format.
Input:
10:26:10 PST 16 Nov 2015
<employee details="ename;position;branch" department="XYZ">AA;systems engineer;seattle
</employee>
1:26:10 PST 16 Nov 2015
<employee details="ename;position;branch" department="XYZ">BB;Lead;seattle
CC;Tech Lead,Redmond
</employee>
6:26:10 PST 16 Nov 2015
<employee details="ename;position;branch" department="XYZ">DD;data architect;annapolis
</employee>
Expected Output:
ename position branch
AA systems engineer seattle
BB Lead seattle
CC Tech Lead Redmond
DD data architect annapolis
... View more