1 Solution
What about something like the following (assuming your XML is stored in the field myXML):
| spath input=myXML path=java.object.void output=raw
| table raw
| mvexpand raw
| rex field=raw "\<\w+\>(?<key>[^\<+]+)\<\/\w+\>\s*\<\w+\>(?<value>[^\<+]+)\<\/\w+\>"
| eval {key} = value
| stats values(*) as * by raw
| fields - raw, key, value
For example, the following:
| stats count
| eval myXML = "
<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<java version=\"1.7.0_95\" class=\"java.beans.XMLDecoder\">
<object class=\"java.util.LinkedHashMap\">
<void method=\"put\">
<string>pk</string>
<string>ff7688df7f0001016b750bcffc8cd272</string>
</void>
<void method=\"put\">
<string>nodeId</string>
<string>node1</string>
</void>
<void method=\"put\">
<string>sequenceNumber</string>
<long>190891</long>
</void>
<void method=\"put\">
<string>timeStamp</string>
<long>1521629422254</long>
</void>
</object>
<object class=\"java.util.LinkedHashMap\">
<void method=\"put\">
<string>pk</string>
<string>fdd05d987f0001017c02ce1ba95593d7</string>
</void>
<void method=\"put\">
<string>nodeId</string>
<string>node1</string>
</void>
<void method=\"put\">
<string>sequenceNumber</string>
<long>190890</long>
</void>
<void method=\"put\">
<string>timeStamp</string>
<long>1521629422231</long>
</void>
</object>
"
| spath input=myXML path=java.object.void output=raw
| table raw
| mvexpand raw
| rex field=raw "\<\w+\>(?<key>[^\<+]+)\<\/\w+\>\s*\<\w+\>(?<value>[^\<+]+)\<\/\w+\>"
| eval {key} = value
| stats values(*) as * by raw
| fields - raw, key, value
Will generate this output:
What about something like the following (assuming your XML is stored in the field myXML):
| spath input=myXML path=java.object.void output=raw
| table raw
| mvexpand raw
| rex field=raw "\<\w+\>(?<key>[^\<+]+)\<\/\w+\>\s*\<\w+\>(?<value>[^\<+]+)\<\/\w+\>"
| eval {key} = value
| stats values(*) as * by raw
| fields - raw, key, value
For example, the following:
| stats count
| eval myXML = "
<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<java version=\"1.7.0_95\" class=\"java.beans.XMLDecoder\">
<object class=\"java.util.LinkedHashMap\">
<void method=\"put\">
<string>pk</string>
<string>ff7688df7f0001016b750bcffc8cd272</string>
</void>
<void method=\"put\">
<string>nodeId</string>
<string>node1</string>
</void>
<void method=\"put\">
<string>sequenceNumber</string>
<long>190891</long>
</void>
<void method=\"put\">
<string>timeStamp</string>
<long>1521629422254</long>
</void>
</object>
<object class=\"java.util.LinkedHashMap\">
<void method=\"put\">
<string>pk</string>
<string>fdd05d987f0001017c02ce1ba95593d7</string>
</void>
<void method=\"put\">
<string>nodeId</string>
<string>node1</string>
</void>
<void method=\"put\">
<string>sequenceNumber</string>
<long>190890</long>
</void>
<void method=\"put\">
<string>timeStamp</string>
<long>1521629422231</long>
</void>
</object>
"
| spath input=myXML path=java.object.void output=raw
| table raw
| mvexpand raw
| rex field=raw "\<\w+\>(?<key>[^\<+]+)\<\/\w+\>\s*\<\w+\>(?<value>[^\<+]+)\<\/\w+\>"
| eval {key} = value
| stats values(*) as * by raw
| fields - raw, key, value
Will generate this output:
