Dashboards & Visualizations
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Get specific data in xml as result of query, Using...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Get specific data in xml as result of query, Using JAVA API
monanimihir
Explorer
09-22-2015
04:48 AM
Suppose i create a Query and its output in XML contains 100+ elements(to be specific , using JAVA API). As per my need there are only few fields(like 4-5 out of 100+) that is important.
When i apply a query and get result as XML , it will be 100+ fields in one result . But i want to get only 3-4 fields as result out of 100+ elements.
As an example , consider this XML output file :-
<?xml version='1.0' encoding='UTF-8'?>
<results preview='0'>
<meta>
<fieldOrder>
<field>_bkt</field>
<field>_cd</field>
<field>_indextime</field>
<field>_raw</field>
<field>_serial</field>
<field>_si</field>
<field>_sourcetype</field>
<field>_subsecond</field>
<field>_time</field>
<field>host</field>
<field>index</field>
<field>linecount</field>
<field>source</field>
<field>sourcetype</field>
<field>splunk_server</field>
</fieldOrder>
</meta>
<result offset='0'>
<field k='_bkt'>
<value><text>_internal~7731~1DBA39FA-6647-46E3-B469-CAF7DC0DF495</text></value>
</field>
<field k='_cd'>
<value><text>7731:26146</text></value>
</field>
<field k='_indextime'>
<value><text>1442903467</text></value>
</field>
<field k='_serial'>
<value><text>0</text></value>
</field>
<field k='_si'>
<value><text>shared-logsearch3-3-crz_logsearch_1</text></value>
<value><text>_internal</text></value>
</field>
<field k='_sourcetype'>
<value><text>splunkd_access</text></value>
</field>
<field k='_subsecond'>
<value><text>.128</text></value>
</field>
<field k='_time'>
<value><text>2015-09-22T06:31:07.128+00:00</text></value>
</field>
<field k='index'>
<value><text>_internal</text></value>
</field>
<field k='linecount'>
<value><text>1</text></value>
</field>
<field k='source'>
<value><text>/home/logsearch_2/logs/splunk/splunkd_access.log</text></value>
</field>
<field k='sourcetype'>
<value><text>splunkd_access</text></value>
</field>
<field k='splunk_server'>
<value><text>Random_server_Name</text></value>
</field>
</result>
</results>
From above XML file i need only 4 fields as result but what i am getting is more than 10 fields.
Is there any way to limit output of query?
I am doing all of this using JAVA API, not with Splunk UI
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
monanimihir
Explorer
12-10-2015
02:21 AM
got the answer from another Question from Splunk:-
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
monanimihir
Explorer
09-22-2015
11:02 PM
got the answer from another Question from Splunk:-
Get Updates on the Splunk Community!
Aligning Observability Costs with Business Value: Practical Strategies
Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...
Mastering Data Pipelines: Unlocking Value with Splunk
In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0
Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...
