Re: Join multiple fields from xml

roblr052 · ‎05-25-2018

I want to join these different product_id's from an XML file into one table:

<product_detail> 
  <product_id>1003C</product_id>
<product_detail>
  <product_id>1002C</product_id>
</product_detail>

Example: 1003C,1002C

How do I get the output of these multiple values into a semi-colon?

niketn · ‎05-25-2018

@roblr052, your sample XML data seems incorrect. Your first <product_detail> does not have an end node. I am not sure if that is how the data is or whether it was a type while posting the sample data here.

Following is a run anywhere example with corrected sample data and spath command:

|  makeresults
|  eval _raw="<data>
                 <product_detail> 
                    <product_id>1003C</product_id>
                 </product_detail>
                 <product_detail>
                    <product_id>1002C</product_id>
                 </product_detail>
              </data>"
| spath

Please try out and confirm.

If correct xml data is indexed, then either KV_MODE=xml should be used to get xml fields extracted automatically during search time field discovery.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Join multiple fields from xml

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

Join multiple fields from xml

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk