Re: Field Extraction from XML multiple Tag Element...

dfofie · ‎07-02-2019

Hello,
I have the following XML file containing many Objects elements.

<?xml version='1.0' encoding='UTF-8'?>
<Module name='ModuleName' ModuleAttributeName='/Path/To/ModuleName'>
    <ModuleAttribute name='IN_Scope' value='Project'/>
    <ModuleAttribute name='IN_Type' value='TRP'/>
    <ModuleAttribute name='IN_Feature' value='SYS'/>
    <ModuleAttribute name='IN_Area' value='SYSTEM'/>
    <ModuleAttribute name='ModuleType' value='TRP'/>
<Object id='11' MUID='MUID.11' GUID='110023er.11' >
    <Attribute name='State' value='ok'/>
    <Attribute name='evaluated' value='no'/>
    <Attribute name='original ASIL-Classification' value='---'/>
    <Attribute name='Source_CQ_ID' value=''/>
</Object>
<Object id='12' MUID='MUID.12' GUID='110023er.12' >
    <Attribute name='State' value='ok'/>
    <Attribute name='evaluated' value='no'/>
    <Attribute name='original ASIL-Classification' value='---'/>
    <Attribute name='Source_CQ_ID' value=''/>
</Object></Module>

``

I have liked to have the following structure:

Object
    - ModuleName: ModuleAttributeName
    - ModuleFullName: /Path/To/ModuleName
    - ModuleIN_Scope: Project
    - ModuleIN_Feature: TRP
    - ModuleAttributeWhatever: ...
    - ObjectState: ok
    - ObjectEvaluated: no
    - ObjectSource_CQ_ID: ''

How can I easily parse this in splunk ? The Module Tag appeas

Sukisen1981 · ‎07-03-2019

are you looking for index time or search time extraction?

dfofie · ‎07-03-2019

Hello @sukissen, I'm mostly looking for the index time extraction.

Field Extraction from XML multiple Tag Elements [In Splunk Web - Index Time]

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!