Getting Data In

Can you help me with Palo LINE_BREAKER?

Explorer

I'm trying to pull in some information via REST and can't seem to figure out the LINE_BREAKER. Maybe I've been staring at the screen too much today!

Example:

<response status="success">
<script/>
<result>
<devices>
<entry name="013201000081">
  <serial>013201000081</serial>
  <connected>yes</connected>
  <unsupported-version>no</unsupported-version>
  <hostname>DDDDDDDDDDDD02P</hostname>
  <ip-address>11.11.111.111</ip-address>
  <uptime>18 days, 6:12:34</uptime>
  <family>5200</family>
  <model>PA-5220</model>
  <sw-version>8.0.10</sw-version>
  <app-version>8064-4985</app-version>
  <av-version>2737-3244</av-version>
  <wildfire-version>280074-282665</wildfire-version>
  <threat-version>8064-4985</threat-version>
  <url-db>paloaltonetworks</url-db>
  <url-filtering-version>20180914.80216</url-filtering-version>
  <logdb-version>8.0.16</logdb-version>
  <global-protect-client-package-version>0.0.0</global-protect-client-package-version>
  <domain/>
  <ha>
    <state>passive</state>
    <peer>
        <serial>013201004595</serial>
    </peer>
  </ha>
  <vpn-disable-mode>no</vpn-disable-mode>
  <operational-mode>normal</operational-mode>
  <certificate-status/>
  <certificate-subject-name>013201000081</certificate-subject-name>
  <certificate-expiry>2028/08/28 17:40:55</certificate-expiry>
  <connected-at>2018/08/30 09:14:30</connected-at>
  <custom-certificate-usage>no</custom-certificate-usage>
  <multi-vsys>no</multi-vsys>
  <vsys>
    <entry name="vsys1">
      <display-name>vsys1</display-name>
      <shared-policy-status/>
      <shared-policy-md5sum>8afc8500662247516786c9fb70c36607</shared-policy-md5sum>
    </entry>
  </vsys>
</entry>
<entry name="009401111180">
  <serial>009401111180</serial>
  <connected>yes</connected>
  <unsupported-version>no</unsupported-version>
  <hostname>AAAAAAA01P</hostname>
  <ip-address>10.10.100.100</ip-address>
  <mac-addr/>
  <uptime>67 days, 20:05:19</uptime>
  <family>500</family>
  <model>PA-500</model>
  <sw-version>8.0.10</sw-version>
  <app-version>8064-4985</app-version>
  <av-version>2737-3244</av-version>
  <wildfire-version>280074-282665</wildfire-version>
  <threat-version>8064-4985</threat-version>
  <url-db>paloaltonetworks</url-db>
  <url-filtering-version>20180917.20244</url-filtering-version>
  <logdb-version>8.0.16</logdb-version>
  <vpnclient-package-version/>
  <global-protect-client-package-version>0.0.0</global-protect-client-package-version>
  <domain/>
  <vpn-disable-mode>no</vpn-disable-mode>
  <operational-mode>normal</operational-mode>
  <certificate-status/>
  <certificate-subject-name>009401111180</certificate-subject-name>
  <certificate-expiry>2027/06/15 16:46:08</certificate-expiry>
  <connected-at>2018/08/16 10:23:37</connected-at>
  <custom-certificate-usage>no</custom-certificate-usage>
  <multi-vsys>no</multi-vsys>
  <vsys>
    <entry name="vsys1">
    <display-name>vsys1</display-name>
    <shared-policy-status/>
    <shared-policy-md5sum>05c64ee28115fd234f79d606912f2e11</shared-policy-md5sum>
    </entry>
  </vsys>
</entry>
<entry name="011111001100">...</entry>
  <entry name="011111001100">
  <serial>011111001100</serial>
  <connected>yes</connected>
  <unsupported-version>no</unsupported-version>
  <hostname>ABC1111A01Q</hostname>
  <ip-address>22.222.222.222</ip-address>
  <mac-addr/>
  <uptime>46 days, 21:21:19</uptime>
  <family>220</family>
  <model>PA-220</model>
  <sw-version>8.0.10</sw-version>
  <app-version>8064-4985</app-version>
  <av-version>2679-3176</av-version>
  <wildfire-version>263191-265719</wildfire-version>
  <threat-version>8064-4985</threat-version>
  <url-db>paloaltonetworks</url-db>
  <url-filtering-version>0000.00.00.000</url-filtering-version>
  <logdb-version>8.0.16</logdb-version>
  <vpnclient-package-version/>
  <global-protect-client-package-version>0.0.0</global-protect-client-package-version>
  <domain/>
  <vpn-disable-mode>no</vpn-disable-mode>
  <operational-mode>normal</operational-mode>
  <certificate-status/>
  <certificate-subject-name>011111001100</certificate-subject-name>
  <certificate-expiry>2028/06/28 21:18:23</certificate-expiry>
  <connected-at>2018/09/17 14:16:29</connected-at>
  <custom-certificate-usage>no</custom-certificate-usage>
  <multi-vsys>no</multi-vsys>
    <vsys>
    <entry name="vsys1">
    <display-name>vsys1</display-name>
    <shared-policy-status/>
    <shared-policy-md5sum>30ea477bf4d60197513c682029fd4f41</shared-policy-md5sum>
    </entry>
  </vsys>
</entry>
<entry name="418511332ABC111">
  <serial>418511332ABC111</serial>
  <connected>yes</connected>
  <unsupported-version>no</unsupported-version>
  <deactivated>no</deactivated>
  <hostname>AQCEW12FRAB01T</hostname>
  <ip-address>22.33.55.55</ip-address>
  <mac-addr/>
  <uptime>46 days, 15:09:27</uptime>
  <family>vm</family>
  <model>PA-VM</model>
  <sw-version>7.1.18</sw-version>
  <app-version>8064-4985</app-version>
  <av-version>2737-3244</av-version>
  <wildfire-version>280072-282663</wildfire-version>
  <threat-version>8064-4985</threat-version>
  <url-db>paloaltonetworks</url-db>
  <url-filtering-version>20180917.20242</url-filtering-version>
  <logdb-version>7.0.9</logdb-version>
  <vpnclient-package-version/>
  <global-protect-client-package-version>0.0.0</global-protect-client-package-version>
  <domain/>
  <vm-mode-type>yes</vm-mode-type>
  <is-dhcp>yes</is-dhcp>
  <vpn-disable-mode>no</vpn-disable-mode>
  <operational-mode>normal</operational-mode>
  <certificate-status/>
  <certificate-subject-name>418511332ABC111</certificate-subject-name>
  <certificate-expiry>2027/05/17 22:08:14</certificate-expiry>
  <connected-at>2018/08/23 08:18:17</connected-at>
  <custom-certificate-usage>no</custom-certificate-usage>
  <multi-vsys>no</multi-vsys>
  <vsys>
    <entry name="vsys1">
    <display-name>vsys1</display-name>
    <shared-policy-status/>
    <shared-policy-md5sum>3968de60f644f99a912fae048bd9c176</shared-policy-md5sum>
    </entry>
  </vsys>
</entry>
</result>
</response>
0 Karma

SplunkTrust
SplunkTrust

Try LINE_BREAKER = ([\r\n]+)<entry.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

Explorer

No joy, still comes through as a blob of data.

0 Karma