Getting Data In

xpath with splunk

bfaber
Communicator

How compliant is the xpath command with the real xpath? Is there a specific xpath library used?

Tags (2)
1 Solution

gkanapathy
Splunk Employee
Splunk Employee

The Splunk xpath search command uses the Python lxml library http://codespeak.net/lxml/ that is packaged and shipped with the Splunk Python installation. According to its own FAQ http://codespeak.net/lxml/FAQ.html#what-standards-does-lxml-implement it uses Gnome libxml2 and libxslt. I believe these are considered among the most standards-compliant implementations available.

The search command itself is a relatively simple wrapper script that is in $SPLUNK_HOME/etc/apps/search/bin/xpath.py. It is possible to replace or add a different parser by writing a similar script around it. See: http://www.splunk.com/base/Documentation/latest/SearchReference/Aboutcustomsearchcommands

View solution in original post

hvandenb
Path Finder

Phython lib is located http://lxml.de/

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

The Splunk xpath search command uses the Python lxml library http://codespeak.net/lxml/ that is packaged and shipped with the Splunk Python installation. According to its own FAQ http://codespeak.net/lxml/FAQ.html#what-standards-does-lxml-implement it uses Gnome libxml2 and libxslt. I believe these are considered among the most standards-compliant implementations available.

The search command itself is a relatively simple wrapper script that is in $SPLUNK_HOME/etc/apps/search/bin/xpath.py. It is possible to replace or add a different parser by writing a similar script around it. See: http://www.splunk.com/base/Documentation/latest/SearchReference/Aboutcustomsearchcommands

Justin_Grant
Contributor

Wow, great answer!

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...