Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

XML parsing with condition

indianhans
Engager
‎12-20-2014 04:52 AM

Hi

I am novice to splunk and need help in writing a splunk query in order to find Order ID (ORD********)

Sample XML

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎12-21-2014 08:59 AM

I can't see your sample data.

0 Karma
Reply

fdi01
Motivator
‎12-20-2014 08:46 AM

run in bar search the following search:
index=your_index_name

or
index=your_index_name source=your_source_name sourcetype=your_sourcetype_name

index=your_index_name source=your_source_name sourcetype=your_sourcetype_name|....your_condictions_search
exple:
index=you_index host=you_host "Error" | chart count sparkline(count, 1h) as trend by host | sort -count

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎12-21-2014 08:59 AM

Is this even related to the question?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...