Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Not able to extract the NAME1 value from XML file

lksridhar
Explorer
‎02-21-2017 04:35 AM

Hi ALL,

we are trying to get data from below XML file , go to node SSL1DF and under SSL1DF if value of PARVW="AG", then pick the value of NAME1 and display it in a table. i have tried with below query but didn't received what i'm looking , could you please provide the search query to get the value.

Search Query:

index=datapower host=mq-tst sourcetype=mq ServiceName=SC_GLOBAL_B2B_AS2_F4F_ShipNoticeInvoiceOutbound_MPGW | xpath outfield=NAME2 "//E1EDKA2[PARVW=\"AG\"]NAME2" | table NAME2

XML file.

AG
0030128356267702
D6320
configuration message

Tags (1)
0 Karma
Reply

niketn
Legend
‎02-21-2017 06:21 AM

You need to parse to PARVW and NAME1 nodes separately and then pipe your search condition for both the fields i.e.
(PS: I personally prefer spath over xpath as I am more comfortable with spath syntax)
Your query example does not show XML being extracted. If you already do not have a field containing XML data extract the same using rex. Since detail is not present in example, I am assuming xml data field name as xml_data for the following example. (also assuming E1EDKA2 is the root node as per your sample data/query, if not please change path accordingly):

 <Your Base Search>
| spath input=xml_data output=PARVW path=E1EDKA2.PARVW 
| spath input=xml_data output=NAME1 path=E1EDKA2.NAME1 
| search PARVW="AG"
| table NAME1
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

niketn
Legend
‎02-24-2017 08:56 AM

@lksridhar... Were you able to test the answer? Also since you have posted a screenshot of Ship To Data, I would recommend mocking or masking the data.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

lksridhar
Explorer
‎02-21-2017 04:40 AM

Please find the attached XML filealt text

Preview file
1 KB
0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...