Dashboards & Visualizations

How to use xunit files?

New Member

Hi There
I'm very new to splunk, and am trying to find pointers on how to index xunit files (generated from some nose unit tests). A typical xunit file looks like this
<?xml version="1.0" encoding="UTF-8"?>

name="test_it" time="0">

Traceback (most recent call last):
TypeError: oops, wrong type

How would I go about indexing those files?


Tags (2)
0 Karma

Re: How to use xunit files?


First, Splunk needs to know very little about a file in order to index it or search it. Basically, if you can point Splunk at the file and the file isn't binary, you are on your way.

That said, there are 6 key things that you must configure correctly:

  • host (where the data came from)
  • source (the name of the file or other type of input)
  • sourcetype
  • timestamp
  • index (where to store the event. By default, it goes into the main index.)
  • line-breaking (how to break the input stream into events)

Most of these are easy, and Splunk usually figures them it all by itself. Source = name of file for your input. Simple. Line-breaking and timestamp extraction are usually defined as part of the sourcetype. If you have a common sourcetype (see the list of pretrained sourcetypes), Splunk can even figure out the sourcetype for you.

For an XML file though, usually Splunk will need your help. One way to do this is with the Data Preview feature, which is described here

Usually, you will need to define a sourcetype for your input, unless one of the pretrained sourcetypes works for you. Just think up a name and assign in to the input - maybe xunit. More info here, with links to details on setting the line-breaking and timestamp characteristics for your sourcetype.

Finally, here are a few other questions about XML files on the forum:




Re: How to use xunit files?

New Member

Thanks! We ended up defining an xunit source type which is working nicely- thanks!


0 Karma