Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

No data displayed when extract fields from xml data in a log file using xpath

3618475
Engager
‎05-21-2020 09:14 AM

I am using Splunk to extract a number of fields from xml data this is contained in a log file.
The file is very large. This is part of it.

 xmlns:ns2="http://ground.fedex.com/schemas/linehaul/TMSCommon">
   PURCHASEDLINEHAUL
   APPROVE
   116029927
   104257037
   104257037
   1
   2020-02-20T21:53:39.000Z
.... more lines here that are not important


         1587040
         FXTR
         DRAY
         RULE
         PZ1

            923
            RLTO
            330 RESOURCE DRIVE
            LH PHONE 877-851-3543
            true

This query selects the xml part text in the logging file and some of the fields are extracted and I can add to a table. (not including the source and sourcetype..)

| xmlkv | table purchCostReference, eventType, carrier, billingMethod

But need more fields that are child elements within the xml data. One of them is the numberCode. I am trying to use xpath to extract these additional fields. 

| xmlkv | xpath
"//tmsTrip/purchasedCost/purchasedCostTripSegment/origin/ns2:numberCode"

outfield=Origin | table
purchCostReference, eventType,
carrier, billingMethod, Origin

But no Origin data is returned when I add the field to the table. There is no error. The Origin column is empty.
What am I doing wrong with the xpath command that it is not showing any data?

0 Karma
Reply

to4kawa
Ultra Champion
‎05-22-2020 07:18 PM 
...
| xmlkv | spath path="tmsTrip.purchasedCost.purchasedCostTripSegment.origin.ns2:numberCode" output=Origin
| table purchCostReference, eventType,carrier, billingMethod, Origin
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top