Extracting data using xpath

john · ‎03-01-2012

source="D:\\SplunkLogs\\HI_IR.xml"|xmlkv|xpath "//HI_IN//IMK[TY_ID="\234\"]//RE_N" outfield=RE_N|stats values(RE_N)

This is the code what i have tried to fetch the RE_N value which associate with TY_ID=234. But it is fetching all the RE_N value in the file. I want only RE_N value which associate with the particular TY_ID=234. Please help. This the code which I have tried which is available in Splunk DOC.

xpath "//DataSet[sname=\"BARC\"]/instrument_id" outfield=instrument_id

But this is not working.
this is a model of xml code I am working with

<?xml version="1.0" encoding="ISO-8859-1" ?>
<HI_IN XMLNS="....">
   <HEADER>
      <FILE_NAME>HI_IR</FILE_NAME>

   </HEADER>
<IMK>
   <TY_ID>234</TY_ID>
   <RE_N>kly</RE_N>

</IMK>
<IMK>
   <TY_ID>360</TY_ID>
      <RE_N>klk</RE_N>

</IMK>
<IMK>
   <TY_ID>361</TY_ID>
      <RE_N>klo</RE_N>
</IMK>
</IMK>
<TY_ID>362</TY_ID>
  <RE_N>kjk</RE_N>
</IMK>

</HI_IN>

cgadam · ‎09-12-2013

Try xpath outfield=RE_N "//HI_IN/IMK[TY_ID="234"]/RE_N"

Extracting data using xpath

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Join the Conversation

Extracting data using xpath

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+