Getting Data In

Can you help me with Palo LINE_BREAKER?

spattenqt
Explorer

I'm trying to pull in some information via REST and can't seem to figure out the LINE_BREAKER. Maybe I've been staring at the screen too much today!

Example:

<response status="success">
<script/>
<result>
<devices>
<entry name="013201000081">
  <serial>013201000081</serial>
  <connected>yes</connected>
  <unsupported-version>no</unsupported-version>
  <hostname>DDDDDDDDDDDD02P</hostname>
  <ip-address>11.11.111.111</ip-address>
  <uptime>18 days, 6:12:34</uptime>
  <family>5200</family>
  <model>PA-5220</model>
  <sw-version>8.0.10</sw-version>
  <app-version>8064-4985</app-version>
  <av-version>2737-3244</av-version>
  <wildfire-version>280074-282665</wildfire-version>
  <threat-version>8064-4985</threat-version>
  <url-db>paloaltonetworks</url-db>
  <url-filtering-version>20180914.80216</url-filtering-version>
  <logdb-version>8.0.16</logdb-version>
  <global-protect-client-package-version>0.0.0</global-protect-client-package-version>
  <domain/>
  <ha>
    <state>passive</state>
    <peer>
        <serial>013201004595</serial>
    </peer>
  </ha>
  <vpn-disable-mode>no</vpn-disable-mode>
  <operational-mode>normal</operational-mode>
  <certificate-status/>
  <certificate-subject-name>013201000081</certificate-subject-name>
  <certificate-expiry>2028/08/28 17:40:55</certificate-expiry>
  <connected-at>2018/08/30 09:14:30</connected-at>
  <custom-certificate-usage>no</custom-certificate-usage>
  <multi-vsys>no</multi-vsys>
  <vsys>
    <entry name="vsys1">
      <display-name>vsys1</display-name>
      <shared-policy-status/>
      <shared-policy-md5sum>8afc8500662247516786c9fb70c36607</shared-policy-md5sum>
    </entry>
  </vsys>
</entry>
<entry name="009401111180">
  <serial>009401111180</serial>
  <connected>yes</connected>
  <unsupported-version>no</unsupported-version>
  <hostname>AAAAAAA01P</hostname>
  <ip-address>10.10.100.100</ip-address>
  <mac-addr/>
  <uptime>67 days, 20:05:19</uptime>
  <family>500</family>
  <model>PA-500</model>
  <sw-version>8.0.10</sw-version>
  <app-version>8064-4985</app-version>
  <av-version>2737-3244</av-version>
  <wildfire-version>280074-282665</wildfire-version>
  <threat-version>8064-4985</threat-version>
  <url-db>paloaltonetworks</url-db>
  <url-filtering-version>20180917.20244</url-filtering-version>
  <logdb-version>8.0.16</logdb-version>
  <vpnclient-package-version/>
  <global-protect-client-package-version>0.0.0</global-protect-client-package-version>
  <domain/>
  <vpn-disable-mode>no</vpn-disable-mode>
  <operational-mode>normal</operational-mode>
  <certificate-status/>
  <certificate-subject-name>009401111180</certificate-subject-name>
  <certificate-expiry>2027/06/15 16:46:08</certificate-expiry>
  <connected-at>2018/08/16 10:23:37</connected-at>
  <custom-certificate-usage>no</custom-certificate-usage>
  <multi-vsys>no</multi-vsys>
  <vsys>
    <entry name="vsys1">
    <display-name>vsys1</display-name>
    <shared-policy-status/>
    <shared-policy-md5sum>05c64ee28115fd234f79d606912f2e11</shared-policy-md5sum>
    </entry>
  </vsys>
</entry>
<entry name="011111001100">...</entry>
  <entry name="011111001100">
  <serial>011111001100</serial>
  <connected>yes</connected>
  <unsupported-version>no</unsupported-version>
  <hostname>ABC1111A01Q</hostname>
  <ip-address>22.222.222.222</ip-address>
  <mac-addr/>
  <uptime>46 days, 21:21:19</uptime>
  <family>220</family>
  <model>PA-220</model>
  <sw-version>8.0.10</sw-version>
  <app-version>8064-4985</app-version>
  <av-version>2679-3176</av-version>
  <wildfire-version>263191-265719</wildfire-version>
  <threat-version>8064-4985</threat-version>
  <url-db>paloaltonetworks</url-db>
  <url-filtering-version>0000.00.00.000</url-filtering-version>
  <logdb-version>8.0.16</logdb-version>
  <vpnclient-package-version/>
  <global-protect-client-package-version>0.0.0</global-protect-client-package-version>
  <domain/>
  <vpn-disable-mode>no</vpn-disable-mode>
  <operational-mode>normal</operational-mode>
  <certificate-status/>
  <certificate-subject-name>011111001100</certificate-subject-name>
  <certificate-expiry>2028/06/28 21:18:23</certificate-expiry>
  <connected-at>2018/09/17 14:16:29</connected-at>
  <custom-certificate-usage>no</custom-certificate-usage>
  <multi-vsys>no</multi-vsys>
    <vsys>
    <entry name="vsys1">
    <display-name>vsys1</display-name>
    <shared-policy-status/>
    <shared-policy-md5sum>30ea477bf4d60197513c682029fd4f41</shared-policy-md5sum>
    </entry>
  </vsys>
</entry>
<entry name="418511332ABC111">
  <serial>418511332ABC111</serial>
  <connected>yes</connected>
  <unsupported-version>no</unsupported-version>
  <deactivated>no</deactivated>
  <hostname>AQCEW12FRAB01T</hostname>
  <ip-address>22.33.55.55</ip-address>
  <mac-addr/>
  <uptime>46 days, 15:09:27</uptime>
  <family>vm</family>
  <model>PA-VM</model>
  <sw-version>7.1.18</sw-version>
  <app-version>8064-4985</app-version>
  <av-version>2737-3244</av-version>
  <wildfire-version>280072-282663</wildfire-version>
  <threat-version>8064-4985</threat-version>
  <url-db>paloaltonetworks</url-db>
  <url-filtering-version>20180917.20242</url-filtering-version>
  <logdb-version>7.0.9</logdb-version>
  <vpnclient-package-version/>
  <global-protect-client-package-version>0.0.0</global-protect-client-package-version>
  <domain/>
  <vm-mode-type>yes</vm-mode-type>
  <is-dhcp>yes</is-dhcp>
  <vpn-disable-mode>no</vpn-disable-mode>
  <operational-mode>normal</operational-mode>
  <certificate-status/>
  <certificate-subject-name>418511332ABC111</certificate-subject-name>
  <certificate-expiry>2027/05/17 22:08:14</certificate-expiry>
  <connected-at>2018/08/23 08:18:17</connected-at>
  <custom-certificate-usage>no</custom-certificate-usage>
  <multi-vsys>no</multi-vsys>
  <vsys>
    <entry name="vsys1">
    <display-name>vsys1</display-name>
    <shared-policy-status/>
    <shared-policy-md5sum>3968de60f644f99a912fae048bd9c176</shared-policy-md5sum>
    </entry>
  </vsys>
</entry>
</result>
</response>
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Try LINE_BREAKER = ([\r\n]+)<entry.

---
If this reply helps you, Karma would be appreciated.
0 Karma

spattenqt
Explorer

No joy, still comes through as a blob of data.

0 Karma
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...