How to use spath to extract all Step Names which h...

justgovind30198 · ‎07-23-2015

hi,

below is my XML file format

<?xml version="1.0" encoding="UTF-8"?>
<RSDReport xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Details>
    <Region>EMEA</Region>
    <FlocID>23872378</FlocID>
    <Location>
      <Country>America</Country>
      <State>California</State>
      <City>LA</City>
      <Hospital>GetCure</Hospital>
    </Location>
  </Details>
  <TargetMachines>
    <TargetMachine Name="Demo_Machine38" IPAddress="10.0.0.38" Status="Running" StatusMessage="" IsManuallyInstalled="true" Location="lc01">
      <Tasks>
        <Task TaskSer="43" PackageName="Sample Task New" PackageVersion="2.0.0.0" PackageID="ID_Sample_EXE_Success_New" Status="Pass" StatusMessage="Successfully completed package deployment" IsCancelled="false" IsDeleted="false" />
      </Tasks>
    </TargetMachine>
    <TargetMachine Name="Demo_Machine39" IPAddress="10.0.0.39" Status="Running" StatusMessage="" IsManuallyInstalled="true" Location="lc01">
      <Tasks>
        <Task TaskSer="44" PackageName="Client Applications" PackageVersion="V13.5 (P1007499-002)" PackageID="ec47a4b7-b60c-4084-b212-f66f88ba1e33" Status="Pass" StatusMessage="Successfully completed package deployment" IsCancelled="false" IsDeleted="false" />
        <Task TaskSer="45" PackageName="Sample Task New" PackageVersion="2.0.0.0" PackageID="ID_Sample_EXE_Success_New" Status="Pass" StatusMessage="Successfully completed package deployment" IsCancelled="false" IsDeleted="false" />
      </Tasks>
    </TargetMachine>
    <TargetMachine Name="Demo_Machine40" IPAddress="10.0.0.40" Status="Running" StatusMessage="" IsManuallyInstalled="true" Location="lc01">
      <Tasks>
        <Task TaskSer="46" PackageName="Client Applications" PackageVersion="V13.5 (P1007499-002)" PackageID="ec47a4b7-b60c-4084-b212-f66f88ba1e33" Status="Pass" StatusMessage="Successfully completed package deployment" IsCancelled="false" IsDeleted="false" />
      </Tasks>
    </TargetMachine>
    <TargetMachine Name="Demo_Machine41" IPAddress="10.0.0.41" Status="Running" StatusMessage="" IsManuallyInstalled="true" Location="lc01">
      <Tasks>
        <Task TaskSer="47" PackageName="Sample Task New" PackageVersion="2.0.0.0" PackageID="ID_Sample_EXE_Success_New" Status="Pass" StatusMessage="Successfully completed package deployment" IsCancelled="false" IsDeleted="false" />
      </Tasks>
    </TargetMachine>
    <TargetMachine Name="Demo_Machine42" IPAddress="10.0.0.42" Status="NoCommunication" StatusMessage="" IsManuallyInstalled="true" Location="lc02">
      <Tasks>
        <Task TaskSer="48" PackageName="Sample Task New" PackageVersion="2.0.0.0" PackageID="ID_Sample_EXE_Success_New" Status="InProgress" StatusMessage="TimeLogger38: Extracting files" IsCancelled="false" IsDeleted="false" />
      </Tasks>
    </TargetMachine>
    <TargetMachine Name="Demo_Machine43" IPAddress="10.0.0.43" Status="Running" StatusMessage="" IsManuallyInstalled="true" Location="lc02">
      <Tasks>
        <Task TaskSer="49" PackageName="Client Applications" PackageVersion="V13.5 (P1007499-002)" PackageID="ec47a4b7-b60c-4084-b212-f66f88ba1e33" Status="Pass" StatusMessage="Successfully completed package deployment" IsCancelled="false" IsDeleted="false" />
      </Tasks>
    </TargetMachine>
    <TargetMachine Name="Demo_Machine44" IPAddress="10.0.0.44" Status="NoCommunication" StatusMessage="" IsManuallyInstalled="true" Location="lc02">
      <Tasks>
        <Task TaskSer="50" PackageName="Sample Task New" PackageVersion="2.0.0.0" PackageID="ID_Sample_EXE_Success_New" Status="InProgress" StatusMessage="TimeLogger38: Extracting files" IsCancelled="false" IsDeleted="false" />
      </Tasks>
    </TargetMachine>
    <TargetMachine Name="Demo_Machine45" IPAddress="10.0.0.45" Status="Running" StatusMessage="" IsManuallyInstalled="true" Location="lc02">
      <Tasks>
        <Task TaskSer="51" PackageName="Sample Task New" PackageVersion="2.0.0.0" PackageID="ID_Sample_EXE_Success_New" Status="Pass" StatusMessage="Successfully completed package deployment" IsCancelled="false" IsDeleted="false" />
      </Tasks>
    </TargetMachine>
    <TargetMachine Name="Demo_Machine46" IPAddress="10.0.0.46" Status="Running" StatusMessage="" IsManuallyInstalled="true" Location="lc03">
      <Tasks>
        <Task TaskSer="52" PackageName="Sample Task New" PackageVersion="2.0.0.0" PackageID="ID_Sample_EXE_Success_New" Status="Fail" StatusMessage="TimeLogger2: Failed to transfer files to agent, due to insufficient disk space" IsCancelled="false" IsDeleted="false">
          <Steps>
            <Step ID="A95F58E1-F040-47DC-8C4E-871DB299ED33" Name="TimeLogger1" Status="Pass" StepSer="3800" />
            <Step ID="A95F58E1-F040-47DC-8C4E-871DB290ED33" Name="TimeLogger2" Status="Fail" StepSer="3801">
              <Logs />
            </Step>
            <Step ID="A95F58E1-F040-47DC-8C4E-871DB290AD33" Name="TimeLogger3" Status="NotStarted" StepSer="3802" />
            <Step ID="A95F58E1-F040-47DC-8C4E-871DB290AD34" Name="TimeLogger4" Status="NotStarted" StepSer="3803" />
            <Step ID="A95F58E1-F040-47DC-8C4E-871DB290AD35" Name="TimeLogger5" Status="NotStarted" StepSer="3804" />
            <Step ID="A95F58E1-F040-47DC-8C4E-871DB290AD36" Name="TimeLogger6" Status="NotStarted" StepSer="3805" />
            <Step ID="A95F58E1-F040-47DC-8C4E-871DB290AD37" Name="TimeLogger7" Status="NotStarted" StepSer="3806" />
            <Step ID="A95F58E1-F040-47DC-8C4E-871DB290AD38" Name="TimeLogger8" Status="NotStarted" StepSer="3807" />
            <Step ID="A95F58E1-F040-47DC-8C4E-871DB290AD39" Name="TimeLogger9" Status="NotStarted" StepSer="3808" />
            <Step ID="A95F58E1-F040-47DC-8C4E-871DB290AD40" Name="TimeLogger10" Status="NotStarted" StepSer="3810" />
            <Step ID="A95F58E1-F040-47DC-8C4E-871DB290AD41" Name="TimeLogger11" Status="NotStarted" StepSer="3811" />
            <Step ID="A95F58E1-F040-47DC-8C4E-871DB290AD42" Name="TimeLogger12" Status="NotStarted" StepSer="3812" />
          </Steps>
        </Task>
      </Tasks>
    </TargetMachine>
    <TargetMachine Name="Demo_Machine47" IPAddress="10.0.0.47" Status="Running" StatusMessage="" IsManuallyInstalled="true" Location="lc03">
      <Tasks>
        <Task TaskSer="53" PackageName="Sample Task New" PackageVersion="2.0.0.0" PackageID="ID_Sample_EXE_Success_New" Status="Pass" StatusMessage="Successfully completed package deployment" IsCancelled="false" IsDeleted="false" />
      </Tasks>
    </TargetMachine>
  </TargetMachines>
</RSDReport>

Now I want to make a chart of the step names which have their status as failed.

Note: I have made my complete file as one event and I am trying to use the search below, but no success!

...| spath output="branchRegion" path="Report.Details.Region" | search branchRegion="*"  | spath output="StepName" path="Report.TargetMachines.TargetMachine.Tasks.Task.Steps.Step{@Name}" | spath output="StepStatus" path="Report.TargetMachines.TargetMachine.Tasks.Task.Steps.Step{@Status}" | search StepStatus=Fail | stats count by StepName

Thanks in advance

richgalloway · ‎07-23-2015

Start out small and add to your query until you find the source of the error. Begin with ...| spath output="branchRegion" path="RSDReport.Details.Region" and verify the results before adding the next part of the query.

---
If this reply helps you, Karma would be appreciated.

justgovind30198 · ‎07-23-2015

I tried the same. but no success!

richgalloway · ‎07-24-2015

Which part of your query is failing?

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎07-23-2015

I'm not very familiar with spath, but it seems the top level of the path argument should be 'RSDReport' rather than 'Report'.

---
If this reply helps you, Karma would be appreciated.

justgovind30198 · ‎07-23-2015

Its a spelling mistake while posting question I have used RSDReport only.

justgovind30198 · ‎07-23-2015

sorry for the wrong query actually it is RSDReport. only. but still its not working

How to use spath to extract all Step Names which have a status as Fail! from my XML data?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Are you a member of the Splunk Community?

How to use spath to extract all Step Names which have a status as Fail! from my XML data?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25