topic Re: Field Extraction from XML multiple Tag Elements [In Splunk Web - Index Time] in Security https://community.splunk.com/t5/Security/Field-Extraction-from-XML-multiple-Tag-Elements-In-Splunk-Web/m-p/453996#M10603 <P>are you looking for index time or search time extraction?</P> Wed, 03 Jul 2019 07:03:36 GMT Sukisen1981 2019-07-03T07:03:36Z Field Extraction from XML multiple Tag Elements [In Splunk Web - Index Time] https://community.splunk.com/t5/Security/Field-Extraction-from-XML-multiple-Tag-Elements-In-Splunk-Web/m-p/453995#M10602 <P>Hello,<BR /> I have the following XML file containing many Objects elements.</P> <PRE><CODE>&lt;?xml version='1.0' encoding='UTF-8'?&gt; &lt;Module name='ModuleName' ModuleAttributeName='/Path/To/ModuleName'&gt; &lt;ModuleAttribute name='IN_Scope' value='Project'/&gt; &lt;ModuleAttribute name='IN_Type' value='TRP'/&gt; &lt;ModuleAttribute name='IN_Feature' value='SYS'/&gt; &lt;ModuleAttribute name='IN_Area' value='SYSTEM'/&gt; &lt;ModuleAttribute name='ModuleType' value='TRP'/&gt; &lt;Object id='11' MUID='MUID.11' GUID='110023er.11' &gt; &lt;Attribute name='State' value='ok'/&gt; &lt;Attribute name='evaluated' value='no'/&gt; &lt;Attribute name='original ASIL-Classification' value='---'/&gt; &lt;Attribute name='Source_CQ_ID' value=''/&gt; &lt;/Object&gt; &lt;Object id='12' MUID='MUID.12' GUID='110023er.12' &gt; &lt;Attribute name='State' value='ok'/&gt; &lt;Attribute name='evaluated' value='no'/&gt; &lt;Attribute name='original ASIL-Classification' value='---'/&gt; &lt;Attribute name='Source_CQ_ID' value=''/&gt; &lt;/Object&gt;&lt;/Module&gt; </CODE></PRE> <P>``</P> <P>I have liked to have the following structure:</P> <PRE><CODE>Object - ModuleName: ModuleAttributeName - ModuleFullName: /Path/To/ModuleName - ModuleIN_Scope: Project - ModuleIN_Feature: TRP - ModuleAttributeWhatever: ... - ObjectState: ok - ObjectEvaluated: no - ObjectSource_CQ_ID: '' </CODE></PRE> <P>How can I easily parse this in splunk ? The Module Tag appeas</P> Tue, 02 Jul 2019 15:01:16 GMT https://community.splunk.com/t5/Security/Field-Extraction-from-XML-multiple-Tag-Elements-In-Splunk-Web/m-p/453995#M10602 dfofie 2019-07-02T15:01:16Z Re: Field Extraction from XML multiple Tag Elements [In Splunk Web - Index Time] https://community.splunk.com/t5/Security/Field-Extraction-from-XML-multiple-Tag-Elements-In-Splunk-Web/m-p/453996#M10603 <P>are you looking for index time or search time extraction?</P> Wed, 03 Jul 2019 07:03:36 GMT https://community.splunk.com/t5/Security/Field-Extraction-from-XML-multiple-Tag-Elements-In-Splunk-Web/m-p/453996#M10603 Sukisen1981 2019-07-03T07:03:36Z Re: Field Extraction from XML multiple Tag Elements [In Splunk Web - Index Time] https://community.splunk.com/t5/Security/Field-Extraction-from-XML-multiple-Tag-Elements-In-Splunk-Web/m-p/453997#M10604 <P>Hello @sukissen, I'm mostly looking for the index time extraction.</P> Wed, 03 Jul 2019 07:12:35 GMT https://community.splunk.com/t5/Security/Field-Extraction-from-XML-multiple-Tag-Elements-In-Splunk-Web/m-p/453997#M10604 dfofie 2019-07-03T07:12:35Z