I am trying to pull fields out of an .xml file so that I can make sense of them and put the information into a dashboard. I am trying to extract the ruleID, ruleResult, and result count while keeping them related to each other, so that I end up with (CVE#, Fail or Fixed, count#). I tried creating new fields, but Splunk doesn't see that these fields are related to each other, and they just come up as individual values.
<!--
  Excerpt of a scan result summary: no root element and no declaration of the
  summRes prefix are shown here.
  Each summRes:ruleResult element is one record. Its three related values are:
    - the ruleID attribute (the same value is repeated in summRes:ident),
    - the ruleResult attribute on the nested summRes:ruleComplianceItem
      ("fail" or "fixed" in this sample),
    - the count attribute on the nested summRes:result.
  The values are only related through nesting inside the same summRes:ruleResult
  element, so they have to be read per element to stay correlated.
-->
<summRes:ruleResult ruleID="CVE-2000-1985">
<summRes:ident>CVE-2000-1985</summRes:ident>
<summRes:ruleComplianceItem ruleResult="fail">
<summRes:result count="15489"/>
</summRes:ruleComplianceItem>
</summRes:ruleResult>
<summRes:ruleResult ruleID="CVE-2000-1820">
<summRes:ident>CVE-2000-1820</summRes:ident>
<summRes:ruleComplianceItem ruleResult="fail">
<summRes:result count="14560"/>
</summRes:ruleComplianceItem>
</summRes:ruleResult>
<summRes:ruleResult ruleID="CVE-2000-4568">
<summRes:ident>CVE-2000-4568</summRes:ident>
<summRes:ruleComplianceItem ruleResult="fail">
<summRes:result count="13458"/>
</summRes:ruleComplianceItem>
</summRes:ruleResult>
<summRes:ruleResult ruleID="CVE-2000-1156">
<summRes:ident>CVE-2000-1156</summRes:ident>
<summRes:ruleComplianceItem ruleResult="fail">
<summRes:result count="12567"/>
</summRes:ruleComplianceItem>
</summRes:ruleResult>
<summRes:ruleResult ruleID="CVE-2000-5641">
<summRes:ident>CVE-2000-5641</summRes:ident>
<summRes:ruleComplianceItem ruleResult="fail">
<summRes:result count="11243"/>
</summRes:ruleComplianceItem>
</summRes:ruleResult>
<!--
  The records from here on carry ruleResult="fixed". Their ruleID values also
  appear above with ruleResult="fail", so ruleID alone does not identify a
  record; the pair (ruleID, ruleResult) does in this sample.
-->
<summRes:ruleResult ruleID="CVE-2000-1985">
<summRes:ident>CVE-2000-1985</summRes:ident>
<summRes:ruleComplianceItem ruleResult="fixed">
<summRes:result count="900"/>
</summRes:ruleComplianceItem>
</summRes:ruleResult>
<summRes:ruleResult ruleID="CVE-2000-1156">
<summRes:ident>CVE-2000-1156</summRes:ident>
<summRes:ruleComplianceItem ruleResult="fixed">
<summRes:result count="726"/>
</summRes:ruleComplianceItem>
</summRes:ruleResult>
<summRes:ruleResult ruleID="CVE-2000-4568">
<summRes:ident>CVE-2000-4568</summRes:ident>
<summRes:ruleComplianceItem ruleResult="fixed">
<summRes:result count="455"/>
</summRes:ruleComplianceItem>
</summRes:ruleResult>