How to extract data from XML tags

mhirt34 — Mon, 19 Dec 2022 20:49:34 GMT

Looking for help extracting Info between XML tags. This is generated from windows Print server event logs. the raw data looks like this:

<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-PrintService' Guid='{747EF6FD-E535-4D16-B510-42C90F6873A1}'/><EventID>307</EventID><Version>0</Version><Level>4</Level><Task>26</Task><Opcode>11</Opcode><Keywords>0x4000000000000840</Keywords><TimeCreated SystemTime='2022-12-19T20:07:42.882389000Z'/><EventRecordID>Record_ID</EventRecordID><Correlation/><Execution ProcessID='procID' ThreadID='threadID'/><Channel>Microsoft-Windows-PrintService/Operational</Channel><Computer>User's computer</Computer><Security UserID='SID'/></System><UserData><DocumentPrinted xmlns='http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events'><Param1>216</Param1><Param2>Print Document</Param2><Param3>Username</Param3><Param4>Users_computer</Param4><Param5>Print Share Name</Param5><Param6>printer_name</Param6><Param7>1406204</Param7><Param8>1</Param8></DocumentPrinted></UserData></Event>

How do extract Peram3 and Peram5?
I have attempted using this regular expression, but it fails to find it

| regex _raw ="<Param3>.*?<\/Param3>"

Re: How to extract data from XML tags

PickleRick — Mon, 19 Dec 2022 21:03:37 GMT

You can try:

spath
xpath
xmlkv

topic Re: How to extract data from XML tags in Splunk Search

How to extract data from XML tags

Re: How to extract data from XML tags