A query to get the xml files which has the specifi...

sasireka · ‎04-09-2021

I have displayed two sample xml files below. I have to check whether a xml file has <customer-job-id> and <submission> tags. If both tags are there then we have to take it otherwise leave the xml file and move to next xml file

Sample XML file:

<?xml version="1.0" encoding="UTF-8"?><message>

<customer-job-id>cust1</customer-job-id>

<job>

</job>

</submission></message>

<?xml version="1.0" encoding="UTF-8"?><message>

<customer-job-id>cust2</customer-job-id>

</message>

ITWhisperer · ‎04-09-2021

Are these xml files already ingested as events? If so, you could use regex to filter them

| makeresults 
| eval xml=split("<?xml version=\"1.0\" encoding=\"UTF-8\"?><message>
<customer-job-id>cust1</customer-job-id>
<submission>
<job>
</job>
</submission></message>
|
<?xml version=\"1.0\" encoding=\"UTF-8\"?><message>
<customer-job-id>cust2</customer-job-id>
</message>","|")
| mvexpand xml
| regex xml="\<customer\-job\-id\>[^\<]+\<\/customer\-job\-id\>[\w\W]*\<submission\>"

A query to get the xml files which has the specified tags

table

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!