All Apps and Add-ons
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Re: Is it possible to use the xmlutils app to xml ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jimdiconectiv
Path Finder
09-14-2017
01:15 PM
I have a case where log file include an straight text header in front of well form xml.
Here is an exmple:
2017-09-05T13:14:02.869Z, ap=695449, xml="well formed xml"
The Bold is the straight text in front of the XML.
Is it possible to use xmlutils to xml pretty print just a single field? Perhaps as a function?
One problem is exporting data, but keeping the time stamp and ap field.
I have been trying to work around this by incorporating the time stamp into a larger xml piece and am near to having that working, but I come up with data that web xml validators like, but that still blow up pretty print.
Doing the xml print on just a field is likely the best solution, if someone can help.
Using Splunk 6.5. xmlutils seems to have installed and be working okay.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vbumgarner
Contributor
09-15-2017
03:32 PM
It does just pretty print one field, either the field "xml" or the field "_raw", in that order.
So, if you did something like:
query... | table _time ap xml | xmlprettyprint
The field xml would be pretty printed.
Unfortunately, you can't see it in a table in Splunk, because all white space is collapsed in a table view. You'd need to put the table on a dashboard and add some css to preserve the whitespace. The whitespace should survive in an export, though.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vbumgarner
Contributor
09-15-2017
03:32 PM
It does just pretty print one field, either the field "xml" or the field "_raw", in that order.
So, if you did something like:
query... | table _time ap xml | xmlprettyprint
The field xml would be pretty printed.
Unfortunately, you can't see it in a table in Splunk, because all white space is collapsed in a table view. You'd need to put the table on a dashboard and add some css to preserve the whitespace. The whitespace should survive in an export, though.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jimdiconectiv
Path Finder
09-21-2017
07:58 AM
Thanks much! I am in process of trying this. I have a similar case with some JSONs. I also was able to get pretty printing via using fairly ugly sedcmds to turn the whole log into a single XML expression.
Get Updates on the Splunk Community!
Developer Spotlight with William Searle
The Splunk Guy: A Developer’s Path from Web to Cloud
William is a Splunk Professional Services Consultant with ...
Major Splunk Upgrade – Prepare your Environment for Splunk 10 Now!
Attention App Developers: Test Your Apps with the Splunk 10.0 Beta and Ensure Compatibility Before the ...
Stay Connected: Your Guide to June Tech Talks, Office Hours, and Webinars!
What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...
