Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to line break my XML file by using LINE_BREAKER or editing props.conf?

abhishekdharga
Engager
‎10-26-2016 11:56 AM

Hi Guys,

I am trying to breaks the events for my sample XML file. Below is the sample.
I need to break this on tag.
I tried LINE_BREAKER =([\r\n]*)</row> but its not working.
When I put in the same content on regex and put in the regex its matching 7 times, but it's not working through props.conf.
Can someone please help?

E</location><latitude>39.4266216666667</latitude><longitude>-77.4294916666667</longitude><accident>No</accident><belts>No</belts><personal_injury>No</personal_injury><property_damage>No</property_damage><fatal>No</fatal><commercial_license>Yes</commercial_license><hazmat>No</hazmat><commercial_vehicle>No</commercial_vehicle><alcohol>No</alcohol><work_zone>No</work_zone><state>MD</state><vehicle_type>02 - Automobile</vehicle_type><year>2006</year><make>TOYOTA</make><model>RAV4</model><color>BLACK</color><violation_type>Warning</violation_type><charge>21-402(a)</charge><article>Transportation Article</article><contributed_to_accident>No</contributed_to_accident><race>BLACK</race><gender>M</gender><driver_city>SILVER SPRING</driver_city><driver_state>MD</driver_state><dl_state>MD</dl_state><arrest_type>A - Marked Patrol</arrest_type><geolocation human_address="{&quot;address&quot;:&quot;&quot;,&quot;city&quot;:&quot;&quot;,&quot;state&quot;:&quot;&quot;,&quot;zip&quot;:&quot;&quot;}" latitude="39.4266216666667" longitude="-77.4294916666667" needs_recoding="false"/></row><row _id="1762269" _uuid="512F0A4C-0D0A-407E-A98D-1E1999443E71" _position="1762269" _address="http://data.montgomerycountymd.gov/resource/_4mse-ku6q/1762269"><date_of_stop>2015-07-31T00:00:00</date_of_stop><time_of_stop>17:02:00</time_of_stop><agency>MCP</agency><subagency>2nd district, Bethesda</subagency><description>DRIVER FAILURE TO OBEY PROPERLY PLACED TRAFFIC CONTROL DEVICE INSTRUCTIONS</description><location>OLD GEORGETOWN RD/CORDELL AV</location><accident>No</accident><belts>No</belts><personal_injury>No</personal_injury><property_damage>No</property_damage><fatal>No</fatal><commercial_license>No</commercial_license><hazmat>No</hazmat><commercial_vehicle>No</commercial_vehicle><alcohol>No</alcohol><work_zone>No</work_zone><state>MD</state><vehicle_type>02 - Automobile</vehicle_type><year>2013</year><make>CHEV</make><model>MALIBU</model><color>BLACK</color><violation_type>Warning</violation_type><charge>21-201(a1)</charge><article>Transportation Article</article><contributed_to_accident>No</contributed_to_accident><race>WHITE</race><gender>F</gender><driver_city>NORTH POTOMAC</driver_city><driver_state>MD</driver_state><dl_state>MD</dl_state><arrest_type>A - Marked Patrol</arrest_type></row><row _id="1762268" _uuid="4A337EDC-57ED-4E8F-A699-B5B7533BD65C" _position="1762268" _address="http://data.montgomerycountymd.gov/resource/_4mse-ku6q/1762268"><date_of_stop>2015-07-31T00:00:00</date_of_stop><time_of_stop>17:09:00</time_of_stop><agency>MCP</agency><subagency>2nd district, Bethesda</subagency><description>DRIVER FAILURE TO OBEY PROPERLY PLACED TRAFFIC CONTROL DEVICE INSTRUCTIONS</description><location>OLD GEORGETOWN RD/CORDELL AV</location><accident>No</accident><belts>No</belts><personal_injury>No</personal_injury><property_damage>No</property_damage><fatal>No</fatal><commercial_license>No</commercial_license><hazmat>No</hazmat><commercial_vehicle>No</commercial_vehicle><alcohol>No</alcohol><work_zone>No</work_zone><state>MD</state><vehicle_type>02 - Automobile</vehicle_type><year>2004</year><make>HONDA</make><model>TRUCK</model><color>BEIGE</color><violation_type>Warning</violation_type><charge>21-201(a1)</charge><article>Transportation Article</article><contributed_to_accident>No</contributed_to_accident><race>WHITE</race><gender>F</gender><driver_city>BETHESDA</driver_city><driver_state>MD</driver_state><dl_state>MD</dl_state><arrest_type>A - Marked Patrol</arrest_type></row><row _id="1762267" _uuid="8228FEC3-636E-4C8D-BB9B-B21AE0496E16" _position="1762267" _address="http://data.montgomerycountymd.gov/resource/_4mse-ku6q/1762267"><date_of_stop>2015-07-31T00:00:00</date_of_stop><time_of_stop>17:13:00</time_of_stop><agency>MCP</agency><subagency>5th district, Germantown</subagency><description>FAILURE TO DISPLAY REGISTRATION CARD UPON DEMAND BY POLICE OFFICER</description><location>LOCBURY AT CHURCHILL RIDGE</location><latitude>39.18973</latitude><longitude>-77.268995</longitude><accident>No</accident><belts>No</belts><personal_injury>No</personal_injury><property_damage>No</property_damage><fatal>No</fatal><commercial_license>No</commercial_license><hazmat>No</hazmat><commercial_vehicle>No</commercial_vehicle><alcohol>No</alcohol><work_zone>No</work_zone><state>MD</state><vehicle_type>02 - Automobile</vehicle_type><year>2004</year><make>DODGE</make><model>DURANGO</model><color>SILVER</color><violation_type>Warning</violation_type><charge>13-409(b)</charge><article>Transportation Article</article><contributed_to_accident>No</contributed_to_accident><race>NATIVE AMERICAN</race><gender>F</gender><driver_city>GERMANTOWN</driver_city><driver_state>MD</driver_state><dl_state>MD</dl_state><arrest_type>A - Marked Patrol</arrest_type><geolocation human_address="{&quot;address&quot;:&quot;&quot;,&quot;city&quot;:&quot;&quot;,&quot;state&quot;:&quot;&quot;,&quot;zip&quot;:&quot;&quot;}" latitude="39.18973" longitude="-77.268995" needs_recoding="false"/></row><row _id="1762082" _uuid="EC1CA1EC-4414-475F-9E39-CD5B2D241D75" _position="1762082" _address="http://data.montgomerycountymd.gov/resource/_4mse-ku6q/1762082"><date_of_stop>2015-07-31T00:00:00</date_of_stop><time_of_stop>22:45:00</time_of_stop><agency>MCP</agency><subagency>3rd district, Silver Spring</subagency><description>OPER SOUND AMPLIFICATIONSYSTEM FROM VEH THAT CAN BE HEARD FROM 50' OR MORE</description><location>9609 MERWOOD LA</location><latitude>39.0138333333333</latitude><longitude>-77.0026016666667</longitude><accident>No</accident><belts>Yes</belts><personal_injury>No</personal_injury><property_damage>No</property_damage><fatal>No</fatal><commercial_license>No</commercial_license><hazmat>No</hazmat><commercial_vehicle>No</commercial_vehicle><alcohol>No</alcohol><work_zone>No</work_zone><state>MD</state><vehicle_type>02 - Automobile</vehicle_type><year>1998</year><make>CHEVROLET</make><model>ENVOY</model><color>GREEN</color><violation_type>Warning</violation_type><charge>21-1122(c)</charge><article>Transportation Article</article><contributed_to_accident>No</contributed_to_accident><race>HISPANIC</race><gender>M</gender><driver_city>SILVER SPRING</driver_city><driver_state>MD</driver_state><dl_state>XX</dl_state><arrest_type>A - Marked Patrol</arrest_type><geolocation human_address="{&quot;address&quot;:&quot;&quot;,&quot;city&quot;:&quot;&quot;,&quot;state&quot;:&quot;&quot;,&quot;zip&quot;:&quot;&quot;}" latitude="39.0138333333333" longitude="-77.0026016666667" needs_recoding="false"/></row><row _id="1762266" _uuid="7754FB2E-A1AA-4580-9ADE-89F790BF14D1" _position="1762266" _address="http://data.montgomerycountymd.gov/resource/_4mse-ku6q/1762266"><date_of_stop>2015-07-31T00:00:00</date_of_stop><time_of_stop>17:13:00</time_of_stop><agency>MCP</agency><subagency>5th district, Germantown</subagency><description>EXCEEDING THE POSTED SPEED LIMIT OF 30 MPH</description><location>LOCBURY AT CHURCHILL RIDGE</location><latitude>39.18973</latitude><longitude>-77.268995</longitude><accident>No</accident><belts>No</belts><personal_injury>No</personal_injury><property_damage>No</property_damage><fatal>No</fatal><commercial_license>No</commercial_license><hazmat>No</hazmat><commercial_vehicle>No</commercial_vehicle><alcohol>No</alcohol><work_zone>No</work_zone><state>MD</state><vehicle_type>02 - Automobile</vehicle_type><year>2004</year><make>DODGE</make><model>DURANGO</model><color>SILVER</color><violation_type>Warning</violation_type><charge>21-801.1</charge><article>Transportation Article</article><contributed_to_accident>No</contributed_to_accident><race>NATIVE AMERICAN</race><gender>F</gender><driver_city>GERMANTOWN</driver_city><driver_state>MD</driver_state><dl_state>MD</dl_state><arrest_type>A - Marked Patrol</arrest_type><geolocation human_address="{&quot;address&quot;:&quot;&quot;,&quot;city&quot;:&quot;&quot;,&quot;state&quot;:&quot;&quot;,&quot;zip&quot;:&quot;&quot;}" latitude="39.18973" longitude="-77.268995" needs_recoding="false"/></row><row _id="1762265" _uuid="6FFDE3E7-BD7F-4CCD-B162-E8396ADF8964" _position="1762265" _address="http://data.montgomerycountymd.gov/resource/_4mse-ku6q/1762265"><date_of_stop>2015-07-31T00:00:00</date_of_stop><time_of_stop>17:14:00</time_of_stop><agency>MCP</agency><subagency>2nd district, Bethesda</subagency><description>FAILURE TO DISPLAY REGISTRATION CARD UPON DEMAND BY POLICE OFFICER</description><location>OLD GEORGETOWN RD/CORDELL AV</location><accident>No</accident><belts>No</belts><personal_injury>No</personal_injury><property_damage>No</property_damage><fatal>No</fatal><commercial_license>No</commercial_license><hazmat>No</hazmat><commercial_vehicle>No</commercial_vehicle><alcohol>No</alcohol><work_zone>No</work_zone><state>MD</state><vehicle_type>02 - Automobile</vehicle_type><year>2006</year><make>JEEP</make><model>CHEROKEE</model><color>GREEN</color><violation_type>Warning</violation_type><charge>13-409(b)</charge><article>Transportation Article</article><contributed_to_accident>No</contributed_to_accident><race>WHITE</race><gender>F</gender><driver_city>BETHESDA</driver_city><driver_state>MD</driver_state><dl_state>MD</dl_state><arrest_type>A - Marked Patrol</arrest_type></row><row _id="1762264" _uuid="DAC6C71C-B660-4C09-9802-0CFD1BA0F138" _position="1762264" _address="http://data.montgomerycountymd.gov/resource/_4mse-ku6q/1762264"><date_of_stop>2015-07-31T00:00:00</date_of_stop><time_of_stop>17:14:00</time_of_stop><agency>MCP</agency><subagency>2nd district, Bethesda</subagency><description>DRIVER FAILURE TO OBEY PROPERLY PLACED TRAFFIC CONTROL DEVICE INSTRUCTIONS</description><location>OLD GEORGETOWN RD/CORDELL AV</location><accident>No</accident><belts>No</belts><personal_injury>No</personal_injury><property_damage>No</property_damage><fatal>No</fatal><commercial_license>No</commercial_license><hazmat>No</hazmat><commercial_vehicle>No</commercial_vehicle><alcohol>No</alcohol><work_zone>No</work_zone><state>MD</state><vehicle_type>02 -
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎10-26-2016 12:41 PM

Give this a try

SHOULD_LINEMERGE=false
LINE_BREAKER=(\<row\s)

View solution in original post

Reply
Solved! Jump to solution

maciep
Champion
‎10-26-2016 02:58 PM

do you actually want that tag to be the line breaker? Or do you want splunk to break lines after it (or before the tag).

If you use it as the line breaker, then that tag will not show up in your events. So if you want it in your events, you might want to use break_only_before or a similar setting

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎10-26-2016 12:41 PM

Give this a try

SHOULD_LINEMERGE=false
LINE_BREAKER=(\<row\s)
Reply
Solved! Jump to solution

abhishekdharga
Engager
‎10-26-2016 01:22 PM

No it didn't work

0 Karma
Reply
Solved! Jump to solution

abhishekdharga
Engager
‎10-26-2016 03:00 PM

It started working thanks actually i created my own app and edited props.conf then it worked.

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎10-26-2016 01:47 PM

YOu used both the properties as it is? How are you testing it, from Add Data flow in UI OR adding to props.conf on Indexer/Heavy Forwarder?

0 Karma
Reply
Solved! Jump to solution

abhishekdharga
Engager
‎10-26-2016 02:07 PM

I am tried UI as well as props.conf

0 Karma
Reply
Solved! Jump to solution

abhishekdharga
Engager
‎10-26-2016 02:07 PM

Then using one shot command I am adding that

0 Karma
Reply
Solved! Jump to solution

abhishekdharga
Engager
‎10-26-2016 02:08 PM

I tried this too </\w+><row\s

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...