I am new to Splunk. I was able to get data indexed for regular log files, but we have some Ora audit XML files that we want to index to search data for troubleshooting some issues. To try this, we have put some of the XML files on the Splunk server in a location /mnt/avtest
Name of files = idprd1_ora_17472_1.xml, idprd1_ora_17482_2.xml ...
Sample data:
1684097112014-11-25T18:09:48.792252Zuseruserhost17482unknown110000000000000000000Authenticated by: DATABASE; Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=IP_address)(PORT=port))511111
select pldgrouppe0_.id as id40_, pldgrouppe0_.CREATION_TIMESTAMP as CREATION2_40_, pldgrouppe0_.created_by as created3_40_, pldgrouppe0_.pld_group_id as pld6_40_, pldgrouppe0_.pld_person_id as pld7_40_, pldgrouppe0_.LAST_UPDATE_TIMESTAMP as LAST4_40_, pldgrouppe0_.LAST_UPDATED_BY as LAST5_40_ from pld_group_person pldgrouppe0_ where pldgrouppe0_.pld_group_id=:1
Can you please guide me on how to add the XML data and parse it? I have tried doing it using Splunk Web and also followed examples to edit props.conf and inputs.conf to index data, but it's still not indexing data.