Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

XML using > and < symbols

HattrickNZ
Motivator
‎04-23-2015 08:32 PM

I was having trouble with this search in my XML, I could not save it using the below search inside my searchString tags.
index=core ... | rex ".*,.*Process type=(?P&lt;ProcessType&gt;[^,]+)"

And I know it is something to do with this

Or writing it another way
&lt;ProcessType&gt;

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

HattrickNZ
Motivator
‎04-23-2015 08:36 PM

The trick was to write it as this:
index=core ... | rex ".*,.*Process type=(?P&lt;ProcessType&gt;[^,]+)"

that is use
&lt; instead of <
&gt; instead of >

Hope this helps others

View solution in original post

0 Karma
Reply
Solved! Jump to solution

aljohnson_splun
Splunk Employee
Splunk Employee
‎04-24-2015 12:03 AM

Yeah, but what you're really looking for is the

CDATA!

It's the XML Escape. Then you don't need no pesky replacements.

A CDATA section looks like this:

<![CDATA[
stuff to escape <; &#^$(@#$
]]>

Check it:

<search>
  <query>
    <![CDATA[
      index=core ... | rex ".*,.*Process type=(?P<ProcessType>[^,]+)"
    ]]>
  </query>
  <earliest>-2y</earliest>
  <latest>-1y</latest>
</search>
Reply
Solved! Jump to solution

HattrickNZ
Motivator
‎04-27-2015 01:03 PM

tks for that, very helpful.

0 Karma
Reply
Solved! Jump to solution
Solution

HattrickNZ
Motivator
‎04-23-2015 08:36 PM

The trick was to write it as this:
index=core ... | rex ".*,.*Process type=(?P&lt;ProcessType&gt;[^,]+)"

that is use
&lt; instead of <
&gt; instead of >

Hope this helps others

0 Karma
Reply
Get Updates on the Splunk Community!

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Automatic Discovery Part 2: Setup and Best Practices

In Part 1 of this series, we covered what Automatic Discovery is and why it’s critical for observability at ...