Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

XML and JSON Data Types

shangshin
Builder
‎04-26-2012 11:39 AM

Hi, I would like to use Splunk to parse xml and json data files and trigger the alert if the element "checked" is false. I would appreciate if you can provide an example on how to set up the field extractors for these 2 data type. Thank You!

[{
"text": "Products",
"cls": "folder",
"expanded": true,
"children": [{
"text": "iPad",
"leaf": true,
"checked": true 

},{
    "text": "iPhone",
    "leaf": true,
    "checked": false       
},{
    "text": "iPod",
    "leaf": true,
    "checked": true      
}
]

}]

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎04-26-2012 11:41 AM

Examples here using the spath command.

http://docs.splunk.com/Documentation/Splunk/4.3.2/SearchReference/Spath

When you add an output it creates that field so you have the extracted value.

| spath output=myloc path=vendorproductset.product.desc.locdesc{4}{@locale}

View solution in original post

Reply
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎04-26-2012 11:41 AM

Examples here using the spath command.

http://docs.splunk.com/Documentation/Splunk/4.3.2/SearchReference/Spath

When you add an output it creates that field so you have the extracted value.

| spath output=myloc path=vendorproductset.product.desc.locdesc{4}{@locale}

Reply
Solved! Jump to solution

shangshin
Builder
‎05-01-2012 12:29 PM

Thanks a lot for the great support!

0 Karma
Reply
Solved! Jump to solution

sdaniels
Splunk Employee
Splunk Employee
‎05-01-2012 08:06 AM

I don't have a web server to put up a screenshot, and you can't just paste them in here as far as i can tell. Email me and I can send it to you.

Reply
Solved! Jump to solution

shangshin
Builder
‎05-01-2012 07:06 AM

Hi, thanks for the reply.
I entered the search string below but didn't find the result as a new field "myloc". I also clicked on the link "View all 14 fields" but still no luck.
sourcetype="sample_xml" | spath output=myloc path=vendorproductset.product.desc.locdesc{1}{@locale}

Can you upload a screenshot if possible?

Basically, we would like to use splunk to monitor a dynamic xml file and trigger the alert if the element value matches.

0 Karma
Reply
Solved! Jump to solution

sdaniels
Splunk Employee
Splunk Employee
‎04-30-2012 03:54 PM

Hey shangshin...sorry for the delay. I didn't realize you were working on the test xml data. If you add an output, it will add your result as a new field. You'll see the field added in the bottom left under field discovery. That's the value you can now use. The whole event comes back since you matched it in your search. Now you can | to a new command with the ability to use your extracted value.

| spath output=myloc path=vendorproductset.product.desc.locdesc{4}{@locale}

Reply
Solved! Jump to solution

shangshin
Builder
‎04-26-2012 01:26 PM

I am following the example to add the sample xml "vendorProductSet" as the new search data.
However, when I entered the string string
sourcetype="sample_xml" | spath path=vendorProductSet.product.desc.locDesc{4}{@locale}
I didn't not see it extracts the attribute of the 4th locDesc (ca)
Instead, I got the whole xml returned from search result.

Am I missing anything?

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...