Hello, I have XML data as values of requestbody field in Splunk search below, need field summary on the break down of XML data, XML data is complex one and provided a sample of the XML data, how to get summary on the break down of XML data
index = aos environment=ps sourcetype=aos requestbody=* | fields requestbody
requestbody xml values format
Transactions
Transaction
Order
OrderId abc1 OrderId
Order
Transaction
Transactions
Why do NOT you use Code Sample?
index = aos environment=ps sourcetype=aos requestbody=*
| spath input=requestbody
| fieldsummary
maybe, your sample below:
| makeresults
| eval _raw="<Transactions>
<Transaction>
<Order><OrderId>abc1</OrderId></<Order>
</Transaction>
</Transactions>"
| spath
| fields - _*
| fieldsummary