Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: 3GPP TS 32.435 XML format parsing
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3GPP TS 32.435 XML format parsing
mikaellindstrom
New Member
07-08-2019
02:39 PM
Hi,
Has anyone been able to parse XML files in 3GPP 32.435 format? It's an XML formatted file with performance measurements.
In the sample below, the node that generates this file has connections to extNode1-4 and generates statistics for 2 types of counters (countername1 (p=1), countername2 (p=2)) for each of the external nodes. - so in this file, a total of 8 measurement points, 2 for each external nodes.
I'm a little unsure of how to best parse this in Splunk.
<fileHeader fileFormatVersion="32.435 V10.0" vendorName="XXXX">
<fileSender localDn="ManagedElement=Node" elementType="YYYY"/>
<measCollec beginTime="2019-06-17T17:45:00-07:00"/>
</fileHeader>
<measData>
<managedElement localDn="ManagedElement=Node" swVersion="XXXYYYZZZZ"/>
<measInfo measInfoId="DscRemotePeer">
<job jobId="Blade_test"/>
<granPeriod duration="PT900S" endTime="2019-06-17T18:00:00-07:00"/>
<repPeriod duration="PT900S"/>
<measType p="1">countername1</measType>
<measType p="2">countername2</measType>
<measValue measObjLdn="DscFunction=1,DscNodes=1,DscNode=Node,DscAdjacentRealms=1,DscAdjacentRealm=extNode1.domain.com,DscRemotePeers=1,DscRemotePeer=extNode1">
<r p="1">0</r>
<r p="2">0</r>
</measValue>
<measValue measObjLdn="DscFunction=1,DscNodes=1,DscNode=Node,DscAdjacentRealms=1,DscAdjacentRealm=extNode2.domain.com,DscRemotePeers=1,DscRemotePeer=extNode2">
<r p="1">0</r>
<r p="2">0</r>
</measValue>
<measValue measObjLdn="DscFunction=1,DscNodes=1,DscNode=Node,DscAdjacentRealms=1,DscAdjacentRealm=extNode3.domain.com,DscRemotePeers=1,DscRemotePeer=extNode3">
<r p="1">0</r>
<r p="2">0</r>
</measValue>
<measValue measObjLdn="DscFunction=1,DscNodes=1,DscNode=Node,DscAdjacentRealms=1,DscAdjacentRealm=extNode4.domain.com,DscRemotePeers=1,DscRemotePeer=extNode4">
<r p="1">0</r>
<r p="2">0</r>
</measValue>
</measInfo>
</measData>
<fileFooter>
<measCollec endTime="2019-06-17T18:00:00-07:00"/>
</fileFooter>
Regards,
Mikael Lindstrom
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mikaellindstrom
New Member
09-09-2019
12:55 PM
Hi,
we got around this by converting the XML files using xsltproc with a custom stylesheet into a key-value pair file. This conversion is done on an intermediate node.
Regards,
Mike
Get Updates on the Splunk Community!
Splunk Observability as Code: From Zero to Dashboard
For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...
Shape the Future of Splunk: Join the Product Research Lab!
Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...
