No data displayed when extract fields from xml dat...

3618475 · ‎05-21-2020

I am using Splunk to extract a number of fields from xml data this is contained in a log file.
The file is very large. This is part of it.

 xmlns:ns2="http://ground.fedex.com/schemas/linehaul/TMSCommon">
   PURCHASEDLINEHAUL
   APPROVE
   116029927
   104257037
   104257037
   1
   2020-02-20T21:53:39.000Z
.... more lines here that are not important


         1587040
         FXTR
         DRAY
         RULE
         PZ1

            923
            RLTO
            330 RESOURCE DRIVE
            LH PHONE 877-851-3543
            true

This query selects the xml part text in the logging file and some of the fields are extracted and I can add to a table. (not including the source and sourcetype..)

| xmlkv | table purchCostReference, eventType, carrier, billingMethod

But need more fields that are child elements within the xml data. One of them is the numberCode. I am trying to use xpath to extract these additional fields.

| xmlkv | xpath
"//tmsTrip/purchasedCost/purchasedCostTripSegment/origin/ns2:numberCode"
outfield=Origin | table
purchCostReference, eventType,
carrier, billingMethod, Origin

But no Origin data is returned when I add the field to the table. There is no error. The Origin column is empty.
What am I doing wrong with the xpath command that it is not showing any data?

to4kawa · ‎05-22-2020

...
| xmlkv | spath path="tmsTrip.purchasedCost.purchasedCostTripSegment.origin.ns2:numberCode" output=Origin
| table purchCostReference, eventType,carrier, billingMethod, Origin

No data displayed when extract fields from xml data in a log file using xpath

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!