How do I extract field values from XML logs?

aruotolo · ‎10-10-2018

Hi,

I have log files containing text and XML. I need to extract all fields from the XML rows.

I tried using

Props.conf:

TRUNCATE = 0
NO_BINARY_CHECK = 1
pulldown_type = 1
KV_MODE = xml
TRANSFORMS = itepm339-xml

And transforms.conf

REGEX = \<(\w+[^\n\/\>]+)\/?\>([^\<\n][^\<]*)\<
FORMAT = $1::$2

It works, but extracts only the first couple field-value from XML:

Please can you help me to understand what i am missing?

nswondem · ‎10-10-2018

Hello aruotolo,

Thanks
nswondem

aruotolo · ‎10-10-2018

Hi @Nswondem

but the page of your link doesn't exist error 404.

Alfredo

mstjohn_splunk · ‎10-10-2018

hi @nswondem,

there was just a typo in that link. I've removed it, and now you should be able to click it. Hopefully it helps you with your query! Let us know.

Thanks for posting!