We are having a issue. Sometimes our input XML file is splint in to two.

In the above image you can see, both are same files but last 6 lines are split in to another.

So when we read the file using 'spath' we are getting null value.

Example file in correct format :
<?xml version="1.0" encoding="UTF-8"?><message>
<software-version>4.1.1810-65</software-version>
<customer-job-id>722739-151801-NBS-CMC400-001-LT_Slit-Merge-NBS-001</customer-job-id>
<submission>
<submit-number>1</submit-number>
<job-submission-id>722739-151801-NBS-CMC400-001-LT_Slit-Merge-NBS-001.s1</job-submission-id>
<frame-inches-along-web-initial-value>10.850</frame-inches-along-web-initial-value>
<frame-inches-across-web>17.000</frame-inches-across-web>
<statistics>
<current-copy/>
<actual-linear-feet-used>3515.5</actual-linear-feet-used>
<sides>
<side-a>
<frames-printed-ok>3844</frames-printed-ok>
<frames-printed-error>0</frames-printed-error>
</side-a>
<side-b>
<frames-printed-ok>3844</frames-printed-ok>
<frames-printed-error>0</frames-printed-error>
</side-b>
</sides>
<ink-usage>
<units>liters</units>
<sides>
<side-a completed="true">
<fixer>0.004482</fixer>
<black>0.01374</black>
<cyan>0.002765</cyan>
<magenta>0.007962</magenta>
<yellow>0.000572</yellow>
</side-a>
<side-b completed="true">
<fixer>0.003547</fixer>
<black>0.01467</black>
<cyan>0.002751</cyan>
<magenta>0.009444</magenta>
<yellow>0.00047</yellow>
</side-b>
</sides>
</ink-usage>
</statistics>
</submission>
</message>

Example file in another format :

File 1:

<?xml version="1.0" encoding="UTF-8"?><message>
<software-version>4.1.1810-65</software-version>
<customer-job-id>722739-151801-NBS-CMC400-001-LT_Slit-Merge-NBS-001</customer-job-id>
<submission>
<submit-number>1</submit-number>
<job-submission-id>722739-151801-NBS-CMC400-001-LT_Slit-Merge-NBS-001.s1</job-submission-id>
<frame-inches-along-web-initial-value>10.850</frame-inches-along-web-initial-value>
<frame-inches-across-web>17.000</frame-inches-across-web>
<statistics>
<current-copy/>
<actual-linear-feet-used>3515.5</actual-linear-feet-used>
<sides>
<side-a>
<frames-printed-ok>3844</frames-printed-ok>
<frames-printed-error>0</frames-printed-error>
</side-a>
<side-b>
<frames-printed-ok>3844</frames-printed-ok>
<frames-printed-error>0</frames-printed-error>
</side-b>
</sides>
<ink-usage>
<units>liters</units>
<sides>
<side-a completed="true">
<fixer>0.004482</fixer>
<black>0.01374</black>
<cyan>0.002765</cyan>
<magenta>0.007962</magenta>
<yellow>0.000572</yellow>
</side-a>
<side-b completed="true">
<fixer>0.003547</fixer>
<black>0.01467</black>
<cyan>0.002751</cyan>
<magenta>0.009444</magenta>
<yellow>0.00047</yellow>

File 2:

</side-b>
</sides>
</ink-usage>
</statistics>
</submission>
</message>

Query :

(index="sample_*") sourcetype=sample_job_xml |where host="XP251" | where source="apc/def/722739-151801-NBS-CMC400-001-LT_Slit-Merge-NBS-001"
| spath input=_raw path=message.customer-job-id output=customer-job-id
| spath input=_raw path=message.submission output=submission
| spath input=submission path=job-submission-id output=job-submission-id
| spath input=submission path=statistics.actual-linear-feet-used output=actual-linear-feet-used
| spath input=submission path=frame-inches-across-web output=frame-inches-across-web
| spath input=submission path=frame-inches-along-web output=frame-inches-along-web
| spath input=submission path=job-manifest.end-range.side-a.copy-relative-frame-number output=side-a.copy-relative-frame-number
| spath input=submission path=job-manifest.end-range.side-b.copy-relative-frame-number output=side-b.copy-relative-frame-number
| spath input=submission path=statistics.sides.side-a.frames-printed-ok output=side-a.frames-printed-ok
| spath input=submission path=statistics.sides.side-b.frames-printed-ok output=side-b.frames-printed-ok
| spath input=submission path=statistics.ink-usage.sides.side-a.fixer output=side-a.fixer | spath input=submission path=statistics.ink-usage.sides.side-b.fixer output=side-b.fixer
| spath input=submission path=statistics.ink-usage.sides.side-a.black output=sides.side-a.black | spath input=submission path=statistics.ink-usage.sides.side-b.black output=side-b.black
| spath input=submission path=statistics.ink-usage.sides.side-a.cyan output=side-a.cyan | spath input=submission path=statistics.ink-usage.sides.side-b.cyan output=side-b.cyan
| spath input=submission path=statistics.ink-usage.sides.side-a.magenta output=side-a.magenta | spath input=submission path=statistics.ink-usage.sides.side-b.magenta output=side-b.magenta
| spath input=submission path=statistics.ink-usage.sides.side-a.yellow output=side-a.yellow | spath input=submission path=statistics.ink-usage.sides.side-b.yellow output=side-b.yellow
| fields host,source,customer-job-id,job-submission-id,actual-linear-feet-used,frame-inches-across-web,frame-inches-along-web,side-a.copy-relative-frame-number,side-b.copy-relative-frame-number,side-a.frames-printed-ok,side-b.frames-printed-ok,side-a.fixer,side-b.fixer,sides.side-a.black,side-b.black,side-a.cyan,side-b.cyan,side-a.magenta,side-b.magenta,side-a.yellow,side-b.yellow
|eval res=substr('customer-job-id',0,9), numberString=replace(if(like(res, "%v1_%"), mvindex(split(res,"_"),1), if(like(res, "%%"),mvindex(split(res,"-"),0),res)),"\D","") ,Jobnumber=if('customer-job-id'="startup-calibration","Diagnostic",if(len(numberString)=6,numberString,"UnKnown"))
| table host,source,Jobnumber,customer-job-id,job-submission-id,actual-linear-feet-used,frame-inches-across-web,frame-inches-along-web,side-a.copy-relative-frame-number,side-b.copy-relative-frame-number,side-a.frames-printed-ok,side-b.frames-printed-ok,side-a.fixer,side-b.fixer,sides.side-a.black,side-b.black,side-a.cyan,side-b.cyan,side-a.magenta,side-b.magenta,side-a.yellow,side-b.yellow | fillnull value="NULL" | where host="XP251"  and 'customer-job-id'="722739-151801-NBS-CMC400-001-LT_Slit-Merge-NBS-001"

sample result

Here  in have to get the values instead of null when the file is split in to two. Thanks in advance