Thanks!, I tried but still, it returns only A, B.. but not C, D & E, F.

wouldn't you want to use xpath or spath to deal with XML?

I tried, but not sure on it. So I had written a query using rex as below, it returns only error code1 detail1 all the times.

(one = code , two = detail)

InterfaceResponse|
rex "\(?.{2,60})<\/msg:succes" | where success = "false" |
rex "\(?.{2,60})<\/msg:cod" |
rex "\(?.{10,60})<\/msg:cod" |
rex "\(?.{10,60})<\/msg:cod" |
rex "(?.{2,60})<\/msg:detai" |
rex "(?.{10,60})<\/msg:detai" |
rex "(?.{10,60})<\/msg:detai" |
table MessageUUID success errorcode1 errorcode2 errorcode3 detail1 detail2 detail3

when you tried xpath, what did you try? |xpath outfield=one "//msg:XYS/msg:ONE"

I tried as well, but not sure on it. here is the sample request, which I am trying to put it on a table (which results with error descp 1, 2 & 3). please advise.

trying to extract this output as a table