I have an index populated with data from a Log4Net trace log.  Each Splunk event in the index is a block of XML with an XML namespace:   <E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>0</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="04/22/2023 12:30:45.0456293Z"/> <Source Name="Bar"/> <Correlation ActivityID="{459d276d-8255-47be-be1d-9acd903fd3f0}"/> <Execution ProcessName="NA" ProcessID="1124" ThreadID="9"/> <Channel/> <Computer>NA</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord Severity="Information"> <TraceIdentifier/> <Description><![CDATA[Start Operation: foo]]></Description> <Activity><![CDATA[Start Operation: foo]]></Activity> <Duration>0</Duration> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent>     I am trying to search these events, and I want the contents of the "Description" XML element.  Does Splunk's implementation of XPATH support namespaces?   This search is returning no records:   index="lmstracelogs" xpath "//E2ETraceEvent/ApplicationData/TraceData/DataItem/TraceRecord/Description"     Almost every example I've found for working with XML suggests regular expressions, which seems inelegant. ... View more