Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to extract XML attribute names and corresponding values using spath?

premdutt
Explorer
‎03-23-2015 08:12 PM

Hi
Could you please help me on the below request?

I would like to extract fields like RETURNMESSAGE, ORIGINALFILENAME , STATE and their corresponding values. The search below did not give me any result. 

| spath output=AttributeName path=TrkDescriptor.TrkObject.TrkAttr{@name}
Reply

vganjare
Builder
‎03-30-2015 05:04 AM

Hi,

What sourcetype did you use? I used the "log4net_xml" as sourcetype and used above query. It worked fine.

| spath output=AttributeName path=TrkDescriptor.TrkObject.TrkAttr{@name}

Gave following AttributeNames:

DIRECTION   1   100%    
ISALERT 1   100%    
ISSSL   1   100%    
SSLCYPHER   1   100%

Thanks!!

0 Karma
Reply

premdutt
Explorer
‎03-26-2015 03:28 PM

Thank you Experts, i was struggling on adding the sample.
Please find the sample xml.

<TrkDescriptor>
<TrkXML VERSION="1.0"/>
<TrkObject>
<TrkAttr name="DIRECTION" val="S"/>
<TrkAttr name="SSLCYPHER" val="A"/>
<TrkAttr name="ISSSL" val="0"/>
<TrkAttr name="ISALERT" val="0"/>

</TrkObject>
</TrkDescriptor>
0 Karma
Reply

fabioportes
Explorer
‎01-21-2016 12:28 PM

And how to filter results to only show the TrkAttr name when the TrkAttr val is = 0?
The output should be
ISSSL
ISALERT

Thanks!

0 Karma
Reply

gregbo
Communicator
‎09-13-2018 06:04 AM

Did you ever figure this out?

0 Karma
Reply

vganjare
Builder
‎03-24-2015 05:39 AM

Can you please share the sample xml?

Thanks!

0 Karma
Reply

fdi01
Motivator
‎03-24-2015 05:58 AM

can you show example or send your xml fine??
thank.

0 Karma
Reply

premdutt
Explorer
‎03-24-2015 02:50 PM

Sample xml

0 Karma
Reply

fdi01
Motivator
‎03-25-2015 11:09 AM

YES send it please

0 Karma
Reply

ramdaspr
Contributor
‎03-24-2015 04:19 PM

@premdutt
Use the 'Code Sample' button (5th button on the textbox menu while you write a comment) to paste the xml else the code is stripped out.

0 Karma
Reply

premdutt
Explorer
‎03-23-2015 08:13 PM

sample xml

0 Karma
Reply

ramdaspr
Contributor
‎03-23-2015 08:21 PM

The sample seems to be missing..

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...
Top