Solved: Re: How to write a regular expression for a xml fi...

manidandu · ‎08-01-2021

I need to mask data for fields values of <ab:Nm>, <ab:StrtNm>, <ab:PstCd>, <ab:TwnNm>, <ab:CtrySubDvsn>, <ab:Ctry>, <ab:Ustrd> from below events:

First Event:

<ab:Dbtr>
<ab:Nm>ACB L OESGT AGBDH</ab:Nm>
<ab:PstlAdr>
<ab:StrtNm>12345 BELBON WAY</ab:StrtNm>
<ab:PstCd>45352-1242</ab:PstCd>
<ab:TwnNm>CUBA TWP</ab:TwnNm>
<ab:CtrySubDvsn>AB</ab:CtrySubDvsn>
<ab:Ctry>CD</ab:Ctry>
</ab:PstlAdr>
</ab:Dbtr>
<ab:RmtInf>
<ab:Ustrd>happy birthday 💖</ab:Ustrd>
</ab:RmtInf>

Second Event:

<ab:Dbtr>
<ab:Nm>AMIRA S ELHASSAN</ab:Nm>
<ab:PstlAdr>
<ab:StrtNm>5267 APHEG DR</ab:StrtNm>
<ab:PstCd>54672-1080</ab:PstCd>
<ab:TwnNm>ANTARTICA BEACH</ab:TwnNm>
<ab:CtrySubDvsn>EF</ab:CtrySubDvsn>
<ab:Ctry>CD</ab:Ctry>
</ab:PstlAdr>
</ab:Dbtr>
<ab:RmtInf>
<ab:Ustrd>happy birthday, birthday party on me</ab:Ustrd>
</ab:RmtInf>

Third event:
<ab:Dbtr>
<ab:Nm>ALYSSA FOSTER</ab:Nm>
<ab:PstlAdr>
<ab:StrtNm>529833 PRIME BILL CT</ab:StrtNm>
<ab:PstCd>45673-8297</ab:PstCd>
<ab:TwnNm>BEDERICK</ab:TwnNm>
<ab:CtrySubDvsn>MD</ab:CtrySubDvsn>
<ab:Ctry>CD</ab:Ctry>
</ab:PstlAdr>
</ab:Dbtr>
<ab:RmtInf>
<ab:Ustrd>happy birthday my love, have fun.</ab:Ustrd>
</ab:RmtInf>

Can someone help me with the regex?

ITWhisperer · ‎08-01-2021

<ab:Nm>(?<Nm>[^<]+)<\/ab:Nm>

Repeat for each tag

View solution in original post

ITWhisperer · ‎08-01-2021

<ab:Nm>(?<Nm>[^<]+)<\/ab:Nm>

Repeat for each tag

manidandu · ‎08-01-2021

Thanks for your help @ITWhisperer .. To mask these field values I can use sedcmd as below right?

SEDCMD-Test = s/<ab:Nm>(?<Nm>[^<]+)/<ab:Nm>########/g

Expected Output:

<ab:Nm>########</ab:Nm>

How to write a regular expression for a xml file

using Splunk Enterprise

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?