Re: How to pull a complete xml from event.

harish_ka · ‎04-13-2015

i need to pull complete xml from the event. i tried spath and xpath to pull particular key pair value, but i want the complete xml from the event. i tried rex but its not working. xml looks as below:
i need to pull the complete xml

juvetm · ‎04-13-2015

hi harish_ka
can you try this commad
xmlkv commad
i think this may help
thanks

juvetm · ‎04-13-2015

hi harish_ka
can you do some thing like this

 sourcetype="access_c*" | xmlkv | table TransactionId

harish_ka · ‎04-14-2015

Thank Juvetm for your answer. But it didnt work for me 😞

harish_ka · ‎04-13-2015

it will be really helpful if you Can give an example of xmlkv usage.
i tried search.....|xmlkv
but dont know how to get the values as output...

How to pull a complete xml from event.

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation