Getting Data In

Can you help me with Palo LINE_BREAKER?

Explorer

I'm trying to pull in some information via REST and can't seem to figure out the LINE_BREAKER. Maybe I've been staring at the screen too much today!

Example:

<response status="success">
<script/>
<result>
<devices>
<entry name="013201000081">
  <serial>013201000081</serial>
  <connected>yes</connected>
  <unsupported-version>no</unsupported-version>
  <hostname>DDDDDDDDDDDD02P</hostname>
  <ip-address>11.11.111.111</ip-address>
  <uptime>18 days, 6:12:34</uptime>
  <family>5200</family>
  <model>PA-5220</model>
  <sw-version>8.0.10</sw-version>
  <app-version>8064-4985</app-version>
  <av-version>2737-3244</av-version>
  <wildfire-version>280074-282665</wildfire-version>
  <threat-version>8064-4985</threat-version>
  <url-db>paloaltonetworks</url-db>
  <url-filtering-version>20180914.80216</url-filtering-version>
  <logdb-version>8.0.16</logdb-version>
  <global-protect-client-package-version>0.0.0</global-protect-client-package-version>
  <domain/>
  <ha>
    <state>passive</state>
    <peer>
        <serial>013201004595</serial>
    </peer>
  </ha>
  <vpn-disable-mode>no</vpn-disable-mode>
  <operational-mode>normal</operational-mode>
  <certificate-status/>
  <certificate-subject-name>013201000081</certificate-subject-name>
  <certificate-expiry>2028/08/28 17:40:55</certificate-expiry>
  <connected-at>2018/08/30 09:14:30</connected-at>
  <custom-certificate-usage>no</custom-certificate-usage>
  <multi-vsys>no</multi-vsys>
  <vsys>
    <entry name="vsys1">
      <display-name>vsys1</display-name>
      <shared-policy-status/>
      <shared-policy-md5sum>8afc8500662247516786c9fb70c36607</shared-policy-md5sum>
    </entry>
  </vsys>
</entry>
<entry name="009401111180">
  <serial>009401111180</serial>
  <connected>yes</connected>
  <unsupported-version>no</unsupported-version>
  <hostname>AAAAAAA01P</hostname>
  <ip-address>10.10.100.100</ip-address>
  <mac-addr/>
  <uptime>67 days, 20:05:19</uptime>
  <family>500</family>
  <model>PA-500</model>
  <sw-version>8.0.10</sw-version>
  <app-version>8064-4985</app-version>
  <av-version>2737-3244</av-version>
  <wildfire-version>280074-282665</wildfire-version>
  <threat-version>8064-4985</threat-version>
  <url-db>paloaltonetworks</url-db>
  <url-filtering-version>20180917.20244</url-filtering-version>
  <logdb-version>8.0.16</logdb-version>
  <vpnclient-package-version/>
  <global-protect-client-package-version>0.0.0</global-protect-client-package-version>
  <domain/>
  <vpn-disable-mode>no</vpn-disable-mode>
  <operational-mode>normal</operational-mode>
  <certificate-status/>
  <certificate-subject-name>009401111180</certificate-subject-name>
  <certificate-expiry>2027/06/15 16:46:08</certificate-expiry>
  <connected-at>2018/08/16 10:23:37</connected-at>
  <custom-certificate-usage>no</custom-certificate-usage>
  <multi-vsys>no</multi-vsys>
  <vsys>
    <entry name="vsys1">
    <display-name>vsys1</display-name>
    <shared-policy-status/>
    <shared-policy-md5sum>05c64ee28115fd234f79d606912f2e11</shared-policy-md5sum>
    </entry>
  </vsys>
</entry>
<entry name="011111001100">...</entry>
  <entry name="011111001100">
  <serial>011111001100</serial>
  <connected>yes</connected>
  <unsupported-version>no</unsupported-version>
  <hostname>ABC1111A01Q</hostname>
  <ip-address>22.222.222.222</ip-address>
  <mac-addr/>
  <uptime>46 days, 21:21:19</uptime>
  <family>220</family>
  <model>PA-220</model>
  <sw-version>8.0.10</sw-version>
  <app-version>8064-4985</app-version>
  <av-version>2679-3176</av-version>
  <wildfire-version>263191-265719</wildfire-version>
  <threat-version>8064-4985</threat-version>
  <url-db>paloaltonetworks</url-db>
  <url-filtering-version>0000.00.00.000</url-filtering-version>
  <logdb-version>8.0.16</logdb-version>
  <vpnclient-package-version/>
  <global-protect-client-package-version>0.0.0</global-protect-client-package-version>
  <domain/>
  <vpn-disable-mode>no</vpn-disable-mode>
  <operational-mode>normal</operational-mode>
  <certificate-status/>
  <certificate-subject-name>011111001100</certificate-subject-name>
  <certificate-expiry>2028/06/28 21:18:23</certificate-expiry>
  <connected-at>2018/09/17 14:16:29</connected-at>
  <custom-certificate-usage>no</custom-certificate-usage>
  <multi-vsys>no</multi-vsys>
    <vsys>
    <entry name="vsys1">
    <display-name>vsys1</display-name>
    <shared-policy-status/>
    <shared-policy-md5sum>30ea477bf4d60197513c682029fd4f41</shared-policy-md5sum>
    </entry>
  </vsys>
</entry>
<entry name="418511332ABC111">
  <serial>418511332ABC111</serial>
  <connected>yes</connected>
  <unsupported-version>no</unsupported-version>
  <deactivated>no</deactivated>
  <hostname>AQCEW12FRAB01T</hostname>
  <ip-address>22.33.55.55</ip-address>
  <mac-addr/>
  <uptime>46 days, 15:09:27</uptime>
  <family>vm</family>
  <model>PA-VM</model>
  <sw-version>7.1.18</sw-version>
  <app-version>8064-4985</app-version>
  <av-version>2737-3244</av-version>
  <wildfire-version>280072-282663</wildfire-version>
  <threat-version>8064-4985</threat-version>
  <url-db>paloaltonetworks</url-db>
  <url-filtering-version>20180917.20242</url-filtering-version>
  <logdb-version>7.0.9</logdb-version>
  <vpnclient-package-version/>
  <global-protect-client-package-version>0.0.0</global-protect-client-package-version>
  <domain/>
  <vm-mode-type>yes</vm-mode-type>
  <is-dhcp>yes</is-dhcp>
  <vpn-disable-mode>no</vpn-disable-mode>
  <operational-mode>normal</operational-mode>
  <certificate-status/>
  <certificate-subject-name>418511332ABC111</certificate-subject-name>
  <certificate-expiry>2027/05/17 22:08:14</certificate-expiry>
  <connected-at>2018/08/23 08:18:17</connected-at>
  <custom-certificate-usage>no</custom-certificate-usage>
  <multi-vsys>no</multi-vsys>
  <vsys>
    <entry name="vsys1">
    <display-name>vsys1</display-name>
    <shared-policy-status/>
    <shared-policy-md5sum>3968de60f644f99a912fae048bd9c176</shared-policy-md5sum>
    </entry>
  </vsys>
</entry>
</result>
</response>
0 Karma

SplunkTrust
SplunkTrust

Try LINE_BREAKER = ([\r\n]+)<entry.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

Explorer

No joy, still comes through as a blob of data.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!