Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Best way to extract the regex for the below xm...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Best way to extract the regex for the below xml format
payal23
Path Finder
07-18-2019
12:10 AM
Extraction should be like : For the measTypes
Count=120
AcceptCount=10
and so on..
<measInfo>
<granPeriod duration="123" endTime="2019-05-07T15:40:00+09:00"/>
<repPeriod duration="123"/>
<measTypes>Count AcceptCount RecurseCount RefuseCount DeferCount DeferTime TimeoutCount TimeoutTime RaceCount Latency TimeoutLatency</measTypes>
<measValue measObjLdn="group=lock,scope=\2A">
<measResults>120 10 0 0.69 0 0.0 8 0 0 NULL NULL</measResults>
</measValue>
</measInfo>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
payal23
Path Finder
07-22-2019
12:43 AM
<measInfo>
<granPeriod duration="PT300S" endTime="2019-05-07T15:40:00+09:00"/>
<repPeriod duration="PT300S"/>
<measTypes>Specific Aggregate GcSpecific OtherSpecific BizzaroSpecific SkewSpecific</measTypes>
<measValue measObjLdn="group=lag,lagInstance=0">
<measResults>25037 25059 0 25037 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=1">
<measResults>1 11 0 1 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=2">
<measResults>1 5 0 1 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=3">
<measResults>2 2 0 2 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=4">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=5">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=6">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=7">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=8">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=9">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=10">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=11">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=12">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=13">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=14">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=15">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=16">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=17">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=18">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn="group=lag,lagInstance=19">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
</measInfo>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vnravikumar
Champion
07-22-2019
12:54 AM
Hi
Try this
| makeresults
| eval test="<measInfo>
<granPeriod duration=\"PT300S\" endTime=\"2019-05-07T15:40:00+09:00\"/>
<repPeriod duration=\"PT300S\"/>
<measTypes>Specific Aggregate GcSpecific OtherSpecific BizzaroSpecific SkewSpecific</measTypes>
<measValue measObjLdn=\"group=lag,lagInstance=0\">
<measResults>25037 25059 0 25037 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=1\">
<measResults>1 11 0 1 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=2\">
<measResults>1 5 0 1 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=3\">
<measResults>2 2 0 2 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=4\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=5\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=6\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=7\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=8\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=9\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=10\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=11\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=12\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=13\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=14\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=15\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=16\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=17\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=18\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
<measValue measObjLdn=\"group=lag,lagInstance=19\">
<measResults>0 0 0 0 0 0</measResults>
</measValue>
</measInfo>
"
| spath input=test path=measInfo.measValue.measResults
| mvexpand measInfo.measValue.measResults
| makemv measInfo.measValue.measResults
| spath input=test path=measInfo.measTypes
| makemv measInfo.measTypes
| rename measInfo.measValue.measResults as measResults, measInfo.measTypes as measTypes
| table measTypes,measResults
| eval result = mvzip(measTypes,measResults,"=")
| table result
If it succeeds, please accept the answer
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
payal23
Path Finder
07-22-2019
06:28 PM
Thanks. But I am expecting the data in the below format.
measObjLdn measTypes measValues
group=lag,lagInstance=0 Specific 25037
Aggregate 25059
GcSpecific 0
OtherSpecific 25037
BizzaroSpecific 0
SkewSpecific 0
group=lag,lagInstance=1 Specific 1
Aggregate 11
GcSpecific 0
OtherSpecific 1
BizzaroSpecific 0
SkewSpecific 0
group=lag,lagInstance=3 Specific 2
Aggregate 2
GcSpecific 0
OtherSpecific 2
BizzaroSpecific 0
SkewSpecific 0
And so on..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
payal23
Path Finder
07-21-2019
07:17 PM
Thanks Ravi.
For few of the XMLs I have below scenario:
Here, multivalue field extraction is required. So, the output should be
For each measObjLdn (group=lock,scope=\2A) the values of Count AcceptCount RecurseCount RefuseCount DeferCount DeferTime TimeoutCount TimeoutTime RaceCount Latency TimeoutLatency shold be displayed.
`
<measResults>120 10 0 0.69 0 0.0 8 0 0 NULL NULL</measResults>
</measValue>
<measResults>120 10 0 0.69 0 0.0 8 0 0 NULL NULL</measResults>
</measValue>
</measInfo>`
Thanks,
Payal
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vnravikumar
Champion
07-21-2019
08:32 PM
Hi
Can you please provide an XML with proper tags.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vnravikumar
Champion
07-21-2019
08:46 PM
try this
| makeresults
| eval test="<measInfo><granPeriod duration=\"123\" endTime=\"2019-05-07T15:40:00+09:00\"/>
<repPeriod duration=\"123\"/>
<measTypes>Count AcceptCount RecurseCount RefuseCount DeferCount DeferTime TimeoutCount TimeoutTime RaceCount Latency TimeoutLatency</measTypes>
<measValue measObjLdn=\"group=lock,scope=\2A\">
<measResults>120 10 0 0.69 0 0.0 8 0 0 NULL NULL</measResults>
</measValue>
<measValue measObjLdn=\"group=lock,scope=\1A\">
<measResults>120 10 0 0.69 0 0.0 1 0 0 NULL NULL</measResults>
<measResults>120 10 0 0.69 0 0.0 28 0 0 NULL NULL</measResults>
<measResults>120 10 0 0.69 0 0.0 258 0 0 NULL NULL</measResults>
</measValue>
</measInfo>"
| spath input=test path=measInfo.measValue.measResults
| mvexpand measInfo.measValue.measResults
| makemv measInfo.measValue.measResults
| spath input=test path=measInfo.measTypes
| makemv measInfo.measTypes
| rename measInfo.measValue.measResults as measResults, measInfo.measTypes as measTypes
| table measTypes,measResults
| eval result = mvzip(measTypes,measResults,"=")
| table result
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vnravikumar
Champion
07-18-2019
03:15 AM
Hi
Try this
| makeresults
| eval test="<measInfo>
<granPeriod duration=\"123\" endTime=\"2019-05-07T15:40:00+09:00\"/>
<repPeriod duration=\"123\"/>
<measTypes>Count AcceptCount RecurseCount RefuseCount DeferCount DeferTime TimeoutCount TimeoutTime RaceCount Latency TimeoutLatency</measTypes>
<measValue measObjLdn=\"group=lock,scope=\2A\">
<measResults>120 10 0 0.69 0 0.0 8 0 0 NULL NULL</measResults>
</measValue>
</measInfo>"
| spath input=test path=measInfo.measValue.measResults
| makemv measInfo.measValue.measResults
| spath input=test path=measInfo.measTypes
| makemv measInfo.measTypes
| rename measInfo.measValue.measResults as measResults, measInfo.measTypes as measTypes
| table measTypes,measResults
| eval result = mvzip(measTypes,measResults,"=")
| table result
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
payal23
Path Finder
07-21-2019
07:18 PM
Thanks Ravi.
For few of the XMLs I have below scenario:
Here, multivalue field extraction is required. So, the output should be
For each measObjLdn (group=lock,scope=\2A) the values of Count AcceptCount RecurseCount RefuseCount DeferCount DeferTime TimeoutCount TimeoutTime RaceCount Latency TimeoutLatency shold be displayed.
Count AcceptCount RecurseCount RefuseCount DeferCount DeferTime TimeoutCount TimeoutTime RaceCount Latency TimeoutLatency 120 10 0 0.69 0 0.0 8 0 0 NULL NULL 120 10 0 0.69 0 0.0 8 0 0 NULL NULL 120 10 0 0.69 0 0.0 8 0 0 NULL NULL 120 10 0 0.69 0 0.0 8 0 0 NULL NULL
Thanks,
Payal
Get Updates on the Splunk Community!
Splunk APM: New Product Features + Community Office Hours Recap!
Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...
Index This | Forward, I’m heavy; backward, I’m not. What am I?
April 2024 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with another ...
A Guide To Cloud Migration Success
As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...
