- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- xmlutils to prettyprint xml stored inside a json e...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
xmlutils to prettyprint xml stored inside a json event?
I have events that are json objects. Many of those events include a field that has xml in it.
I am attempting to use xmlutils and search splunk to extract the xml value and prettyprint the xml. Is this possible?
Example event:
{
"info":{
"event_type":"soap-response",
"relativeCreated":4200.059175491333,
"process":50500,
"module":"session",
"funcName":"_perform_request",
"message":"Chicken SOAP response Security_Authenticate",
"xml":"<?xml version=\"1.0\" encoding=\"UTF-8\"?><soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"><soap:Header xmlns=\"http://xml.chicken.com/ws/2009/01/WBS_Session-2.0.xsd\"><Session><SessionId>04KUA1</SessionId><SequenceNumber>1</SequenceNumber><SecurityToken>18AE3J1KMCMH42FU0R9</SecurityToken></Session></soap:Header><soap:Body><Security_AuthenticateReply xmlns=\"http://xml.chicken.com/VLSSLR_06_1_1A\"><processStatus><statusCode>P</statusCode></processStatus></Security_AuthenticateReply></soap:Body></soap:Envelope>",
"levelno":20,
"filename":"session.py",
"method_name":"Auth",
"processName":"MainProcess",
"time_elapsed":0.309906005859375,
"format":"naked",
"exc_text":null,
"thread":4608960144,
"created":"2015-08-12 15:19:07.158",
"threadName":"MainThread",
"msecs":158.54907035827637,
"exc_info":null,
"message_type":"cessna-xml",
"levelname":"INFO"
}
}
I can isolate the xml for the events that have it by using this search:
index="test-mixed-json-log" | spath output=xml path=info.xml | search xml="*" | table xml
Adding xmlprettyprint to the search does not show it as pretty.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Love to suggest a tool which does the same I use some time to pretty print XML using https://jsonformatter.org/xml-pretty-print
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hmm, I wonder if namespaces are supported. I don't know if that was ever tested.
If there is an error, you may not be seeing it, since the error itself is written to _raw.
michtek's suggestion should expose any errors, if parsing is the problem.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
don't use "| table xml". Try to replace it with "|rename xml as _raw | xmlprettyprint"
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
