Splunk Search

How to get fieldsummary on the xml values of request body

msrama5
Explorer

Hello, I have XML data as values of requestbody field in Splunk search below, need field summary on the break down of XML data, XML data is complex one and provided a sample of the XML data, how to get summary on the break down of XML data

index = aos environment=ps sourcetype=aos requestbody=*  | fields requestbody

requestbody xml values format
Transactions
Transaction
Order
OrderId abc1 OrderId
Order
Transaction
Transactions

0 Karma

to4kawa
Ultra Champion

Why do NOT you use Code Sample?

 index = aos environment=ps sourcetype=aos requestbody=*  
| spath input=requestbody
| fieldsummary

maybe, your sample below:

| makeresults
| eval _raw="<Transactions>
<Transaction>
<Order><OrderId>abc1</OrderId></<Order>
</Transaction>
</Transactions>"
| spath
| fields - _*
| fieldsummary
0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...