How to extract date and time from xml source file?

maheshj · ‎06-02-2016

Hi everyone,

Can you help me how to extract Date and Time from below XMLsample?

Here is example of a log:

I am looking for event associated timestamp (_time) will show as 2015-08-08T23:58:00

Thanks, cheers

woodcock · ‎06-02-2016

Try this (problems in LINE_BREAKER, TIME_PREFIX, and TIME_FORMAT and MAX_TIMESTAMP_LOOKAHEAD😞

TIME_PREFIX = <date>
TIME_FORMAT = %Y-%m-%dT%H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 19
SHOULD_LINEMERGE = False
LINE_BREAKER = (<\/row>)
TRUNCATE = 0
KV_MODE=XML

You might also check out this Q&A:
https://answers.splunk.com/answers/406376/how-do-i-edit-my-datetimexml-file-for-my-custom-da.html#an...

Whenever you modify LINE_BREAKER, you should always use SHOULD_LINEMERGE = False.

Also, why are you using image links instead of pasting text? Then we have to type it all in (among other annoyances and problems).

maheshj · ‎06-02-2016

Hi Everyone,

I have tried below configuration setting in props.conf
props.conf

But it shows event associated timestamp as 2015-08-08T00:00:00

Please guide me where I am going wrong?

Thanks, cheers

richgalloway · ‎06-02-2016

I believe the TIME_FORMAT string won't match your data because of the "T00:00:00".

---
If this reply helps you, Karma would be appreciated.

How to extract date and time from xml source file?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)