Dashboards & Visualizations

How to pull a complete xml from event.

harish_ka
Communicator

i need to pull complete xml from the event. i tried spath and xpath to pull particular key pair value, but i want the complete xml from the event. i tried rex but its not working. xml looks as below:
i need to pull the complete xml alt text

Tags (1)
0 Karma

juvetm
Communicator

hi harish_ka
can you try this commad
xmlkv commad
i think this may help
thanks

0 Karma

juvetm
Communicator

hi harish_ka
can you do some thing like this

 sourcetype="access_c*" | xmlkv | table TransactionId
0 Karma

harish_ka
Communicator

Thank Juvetm for your answer. But it didnt work for me :disappointed_face:

0 Karma

harish_ka
Communicator

it will be really helpful if you Can give an example of xmlkv usage.
i tried search.....|xmlkv
but dont know how to get the values as output...

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...