Re: 3GPP TS 32.435 XML format parsing

mikaellindstrom · ‎07-08-2019

Hi,
Has anyone been able to parse XML files in 3GPP 32.435 format? It's an XML formatted file with performance measurements.
In the sample below, the node that generates this file has connections to extNode1-4 and generates statistics for 2 types of counters (countername1 (p=1), countername2 (p=2)) for each of the external nodes. - so in this file, a total of 8 measurement points, 2 for each external nodes.
I'm a little unsure of how to best parse this in Splunk.

    <fileHeader fileFormatVersion="32.435 V10.0" vendorName="XXXX">
            <fileSender localDn="ManagedElement=Node" elementType="YYYY"/>
            <measCollec beginTime="2019-06-17T17:45:00-07:00"/>
    </fileHeader>
    <measData>
            <managedElement localDn="ManagedElement=Node" swVersion="XXXYYYZZZZ"/>
            <measInfo measInfoId="DscRemotePeer">
                    <job jobId="Blade_test"/>
                    <granPeriod duration="PT900S" endTime="2019-06-17T18:00:00-07:00"/>
                    <repPeriod duration="PT900S"/>
                    <measType p="1">countername1</measType>
                    <measType p="2">countername2</measType>
                    <measValue measObjLdn="DscFunction=1,DscNodes=1,DscNode=Node,DscAdjacentRealms=1,DscAdjacentRealm=extNode1.domain.com,DscRemotePeers=1,DscRemotePeer=extNode1">
                            <r p="1">0</r>
                            <r p="2">0</r>
                    </measValue>
                    <measValue measObjLdn="DscFunction=1,DscNodes=1,DscNode=Node,DscAdjacentRealms=1,DscAdjacentRealm=extNode2.domain.com,DscRemotePeers=1,DscRemotePeer=extNode2">
                            <r p="1">0</r>
                            <r p="2">0</r>
                    </measValue>
                    <measValue measObjLdn="DscFunction=1,DscNodes=1,DscNode=Node,DscAdjacentRealms=1,DscAdjacentRealm=extNode3.domain.com,DscRemotePeers=1,DscRemotePeer=extNode3">
                            <r p="1">0</r>
                            <r p="2">0</r>
                    </measValue>
                    <measValue measObjLdn="DscFunction=1,DscNodes=1,DscNode=Node,DscAdjacentRealms=1,DscAdjacentRealm=extNode4.domain.com,DscRemotePeers=1,DscRemotePeer=extNode4">
                            <r p="1">0</r>
                            <r p="2">0</r>
                    </measValue>
            </measInfo>
    </measData>
    <fileFooter>
            <measCollec endTime="2019-06-17T18:00:00-07:00"/>
    </fileFooter>

Regards,
Mikael Lindstrom

mikaellindstrom · ‎09-09-2019

Hi,
we got around this by converting the XML files using xsltproc with a custom stylesheet into a key-value pair file. This conversion is done on an intermediate node.

Regards,
Mike

3GPP TS 32.435 XML format parsing

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?

3GPP TS 32.435 XML format parsing

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases