Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Knowledge Management
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Knowledge Management
- :
- Can you help me extract an event between tags?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jip31
Motivator
11-26-2018
02:08 AM
Hello
I have XML logs and I want to extract all the text between these tags
What is the better way to do this please???
"<Data><EventData></Data></EventData>"
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FrankVl
Ultra Champion
11-26-2018
04:47 AM
Assuming this is related to you other question, the EventData_Xml field is already extracted and looks like <Data>...text...</Data>, right?
So you want to get the part from between the Data tags?
| rex field=EventData_Xml "\<Data\>(?<EventData_Data>[^\<]+)\<\/Data\>"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FrankVl
Ultra Champion
11-26-2018
04:47 AM
Assuming this is related to you other question, the EventData_Xml field is already extracted and looks like <Data>...text...</Data>, right?
So you want to get the part from between the Data tags?
| rex field=EventData_Xml "\<Data\>(?<EventData_Data>[^\<]+)\<\/Data\>"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jip31
Motivator
11-26-2018
10:01 PM
many thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FrankVl
Ultra Champion
11-26-2018
02:21 AM
That doesn't look like valid XML, are you sure the tags occur in that order? I would expect the </Data> to come behind the </EventData>.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jip31
Motivator
11-26-2018
02:39 AM
yes you are right sorry
Get Updates on the Splunk Community!
Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...
If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...
Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions
Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...
Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...
Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...
