Hi..
I am trying to create a dashboard which extracts errorCode field from multiple xmls. Xpath for it would be different for different outputs. For ex: for createUser it is abc and for deleteUser it would be xyz. I need to have the xpath dynamic which extracts errorCode alone. I am trying with below regular expression which I know makes no sense. Please help.
... View more
Sir. Thanks for the reply. But I am unable to apply this to splunk dash board. I am clueless about the mistake.
host="xyz*" index="abc" (",log_," ) | rex "(?.),(?.),(?.),(?.),(?s)(?.)" |rex fault=PAYLOAD "\s+?(?\S[^<]+?)\s+?<\/errorCode>"| stats count(fault) as FaultCount by fault
... View more
Hi..
I am trying to create a dashboard which extracts errorCode field from multiple xmls. Xpath for it would be different for different outputs. For ex: for createUser it is abc and for deleteUser it would be xyz. I need to have the xpath dynamic which extracts errorCode alone. I am trying with below expression which I know makes no sense. Please help.
|rex "(?.),(?.),(?.),(?.),(?s)(?.*)" | spath input=PAYLOAD output=fault path="*errorCode" |stats count(fault) as FaultCount by fault
The above is retrieving zero results.
... View more