All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Qualys App for Splunk Enterprise: How to get rid of HTML tags in Qualys "Solution" field?

muralianup
Communicator
‎01-04-2016 06:32 AM

I am using the Qualys App for Splunk Enterprise and there's a lot of HTML tags in the Solution field.

Eg:
<P> , <A Href, <PRE>..etc.

Is there any way to get rid of these?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎01-04-2016 09:22 AM

You can use sedcmd in props.conf or rex in search.

sedcmd-htmlaaa = "s/\<P\>//g"   #removes <P>
sedcmd-htmlaab = "s/\<\/P\>//g" #removes</P>

etc.

View solution in original post

Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎01-04-2016 09:22 AM

You can use sedcmd in props.conf or rex in search.

sedcmd-htmlaaa = "s/\<P\>//g"   #removes <P>
sedcmd-htmlaab = "s/\<\/P\>//g" #removes</P>

etc.

Reply
Solved! Jump to solution

muralianup
Communicator
‎01-04-2016 12:35 PM

If its only

&

, its fine. But there're lots of other HTML tags in the field. Are you telling me I may need to add separate SED for each & every HTML tags ?

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎01-06-2016 04:22 AM

yes, welcome to data science... you would need a separate sedcmd for each html tag in my opinion.

But perhaps you can use a single regex to remove all markup...

http://lmgtfy.com/?q=regex+to+remove+all+html

The problem with a single sedcmd to remove all is that this:

 <h1>header</h1><div><font="red">body</font></div>

... will become this:

 headerbody

... or perhaps this if you're really good with regex you'll get smart and add special word/character or spaces: (underscores followed by space instead of original tags for example)

_ header_ _ _ body_ _
0 Karma
Reply
Solved! Jump to solution

muralianup
Communicator
‎01-06-2016 04:27 AM

Got it working. Used this SED in the search:

rex field=SOLUTION mode=sed "s/<[^>]*>//g"

Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...