×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
madrinux
Engager
Member since: ‎02-17-2016
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎02-17-2016
Activity Feed
View All

Re: How to configure props.conf to parse XML on Ne...

by in Getting Data In
‎02-17-2016 12:15 PM
‎02-17-2016 12:15 PM
Hy skoelpin, thanks in advance for your help. Actually, for while I have a XML file and I intend to insert this file through menu web portal --> upload files from my computer. And the sample above is exactly what i need to insert on Splunk. My question is, how to parse this information and put each information on right field. For instance : Ipaddres, Mac Address, FolderName, FolderAttibute and son on.... May be would be a little bit clear if you see my sample.conf configuration that didn't work as I expected. Bellow: [NetScan] DATETIME_CONFIG = CURRENT KV_MODE = xml LINE_BREAKER = (<devices>) MUST_BREAK_AFTER = \</devices\> NO_BINARY_CHECK = 1 SHOULD_LINEMERGE = false TRUNCATE = 0 pulldown_type = 1 FIELDALIAS-rootfields = item.ip-address as IPADDRESS item.hostname as HOSTNAME item.mac-address as MACADD item.response-time as RESPTIME item.folders.item.name as SHARE item.folders.item.attr as ATTRIBUTE ... View more

How to configure props.conf to parse XML on NetSca...

by in Getting Data In
‎02-17-2016 11:20 AM
‎02-17-2016 11:20 AM
Hey Friends I'm having a lot of issues importing an XML file to my Splunk Enterprise. Actually, I'm a new user to Splunk and still trying without success inthis xml file. Googling around, I figured out that the right file to configuring this parsing should be props.conf, but I already tried to make some changes and configurations inside props.conf, but didn't see a way to do it right. Indeed, this file is a result from a NetScan and I'm not getting how to configure this property. Could you guys give me a little help? Below you can see a sample of file that I'm trying to parse. Pay attention that when this scan found additional information regarding share to specific device, this also insert as a parameter for folder, and, unfortunately we cannot change the way that this report is issued. <?xml version="1.0"?> <network-scanner-result> <summary> <title>Network Scanner</title> <range></range> <date>2016-02-01T13:14:51.570-02:00</date> </summary> <devices> <item> <ip-address>10.77.4.57</ip-address> <hostname></hostname> <mac-address>000000000000</mac-address> <response-time>1</response-time> </item> <item> <ip-address>10.77.4.58</ip-address> <hostname></hostname> <mac-address>000000000000</mac-address> <response-time>0</response-time> </item> <item> <ip-address>10.77.4.61</ip-address> <folders> <item> <name>MPC3001</name> <attr>printer</attr> </item> <item> <name>IPC$</name> <attr>ipc</attr> </item> </folders> <hostname>RNP002673377C09</hostname> <mac-address>002673377C09</mac-address> <response-time>8</response-time> </item> <item> <ip-address>10.77.4.90</ip-address> <hostname></hostname> <mac-address>000000000000</mac-address> <response-time>0</response-time> </item> <item> <ip-address>10.77.4.91</ip-address> <hostname></hostname> <mac-address>000000000000</mac-address> <response-time>2</response-time> </item> <item> <ip-address>10.77.4.92</ip-address> <hostname></hostname> <mac-address>000000000000</mac-address> <response-time>0</response-time> </item> <item> <ip-address>10.77.4.93</ip-address> <hostname></hostname> <mac-address>000000000000</mac-address> <response-time>1</response-time> </item> <item> <ip-address>10.77.4.94</ip-address> <hostname></hostname> <mac-address>000000000000</mac-address> <response-time>0</response-time> </item> <item> <ip-address>10.77.4.95</ip-address> <hostname></hostname> <mac-address>000000000000</mac-address> <response-time>5</response-time> </item> </devices> </network-scanner-result> Could you guys give-me a little help how can I Parse that? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All