Solved: xpath with splunk

bfaber · ‎04-29-2010

How compliant is the xpath command with the real xpath? Is there a specific xpath library used?

gkanapathy · ‎04-29-2010

The Splunk xpath search command uses the Python lxml library http://codespeak.net/lxml/ that is packaged and shipped with the Splunk Python installation. According to its own FAQ http://codespeak.net/lxml/FAQ.html#what-standards-does-lxml-implement it uses Gnome libxml2 and libxslt. I believe these are considered among the most standards-compliant implementations available.

The search command itself is a relatively simple wrapper script that is in $SPLUNK_HOME/etc/apps/search/bin/xpath.py. It is possible to replace or add a different parser by writing a similar script around it. See: http://www.splunk.com/base/Documentation/latest/SearchReference/Aboutcustomsearchcommands

View solution in original post

hvandenb · ‎01-15-2013

Phython lib is located http://lxml.de/

gkanapathy · ‎04-29-2010

The Splunk xpath search command uses the Python lxml library http://codespeak.net/lxml/ that is packaged and shipped with the Splunk Python installation. According to its own FAQ http://codespeak.net/lxml/FAQ.html#what-standards-does-lxml-implement it uses Gnome libxml2 and libxslt. I believe these are considered among the most standards-compliant implementations available.

The search command itself is a relatively simple wrapper script that is in $SPLUNK_HOME/etc/apps/search/bin/xpath.py. It is possible to replace or add a different parser by writing a similar script around it. See: http://www.splunk.com/base/Documentation/latest/SearchReference/Aboutcustomsearchcommands

Justin_Grant · ‎04-29-2010

Wow, great answer!

xpath with splunk

Harnessing Splunk’s Federated Search for Amazon S3

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases