A query to get the xml files which has the specifi...

sasireka · ‎04-09-2021

I have displayed two sample xml files below. I have to check whether a xml file has <customer-job-id> and <submission> tags. If both tags are there then we have to take it otherwise leave the xml file and move to next xml file

Sample XML file:

<?xml version="1.0" encoding="UTF-8"?><message>

<customer-job-id>cust1</customer-job-id>

<job>

</job>

</submission></message>

<?xml version="1.0" encoding="UTF-8"?><message>

<customer-job-id>cust2</customer-job-id>

</message>

ITWhisperer · ‎04-09-2021

Are these xml files already ingested as events? If so, you could use regex to filter them

| makeresults 
| eval xml=split("<?xml version=\"1.0\" encoding=\"UTF-8\"?><message>
<customer-job-id>cust1</customer-job-id>
<submission>
<job>
</job>
</submission></message>
|
<?xml version=\"1.0\" encoding=\"UTF-8\"?><message>
<customer-job-id>cust2</customer-job-id>
</message>","|")
| mvexpand xml
| regex xml="\<customer\-job\-id\>[^\<]+\<\/customer\-job\-id\>[\w\W]*\<submission\>"

A query to get the xml files which has the specified tags

table

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

Are you a member of the Splunk Community?

A query to get the xml files which has the specified tags

table

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk