Extract Fields from XML logs in Splunk


Splunk can handle almost any data format. Suppose one of our indexes is receiving XML logs. In this post we show how to extract fields from those XML events. Below is an example:


In the above images the index name is xml and the sourcetype name is xml_log; this is the source from which we are receiving the XML-format data.

To extract fields from XML data we use the xmlkv command. XML logs are made of key-value pairs: an element of the form <tag>value</tag> becomes a field named tag with the value value. Running the query below extracts all such fields automatically from the XML data. Two practical caveats: xmlkv only pairs an element name with that element's text, so it does not pick up XML attributes (for example severity in <alert severity="high">), and it is not a full XML parser. For attribute-heavy or deeply nested XML, the spath command is the better tool.

Query:

index="xml" sourcetype="xml_log"
| xmlkv



Explanation :

Here we have XML-format data. In the above query the index name is xml and the sourcetype name is xml_log. After that we use the xmlkv command to extract fields from the key-value pairs in the XML. As the above image shows, each XML element that carries text is extracted as a field, with the element name as the field name and the element text as the field value. Once the fields exist you can use them like any other Splunk field, for example | xmlkv | stats count by status.
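To make the behaviour of xmlkv concrete without a Splunk instance, the following is an added Python model of what the command produces on a handful of events. It is not Splunk's own code: it reproduces the documented rule (element name becomes field name, element text becomes value, repeated names become a multivalue field), shows that attributes are left behind and how an spath-style lookup reaches them, and finishes with the equivalent of | xmlkv | stats count by status. The sample events, the index/sourcetype naming, and the exact treatment of elements that contain only other elements are assumptions of this model.

```python
"""Model of Splunk's xmlkv extraction: <tag>text</tag> becomes tag=text.

Added example, not Splunk source code. It reproduces the documented behaviour
of xmlkv on constructed events so the result can be inspected offline.
"""
import re
import xml.etree.ElementTree as ET

# Constructed events in the shape of what an index "xml" / sourcetype
# "xml_log" like the one in the post might hold. The second event carries a
# syslog-style prefix in front of the XML; the third uses an attribute and a
# repeated element. None of these come from a real system.
EVENTS = [
    '<login><user>alice</user><src_ip>10.1.2.3</src_ip><status>success</status></login>',
    '2024-05-01T10:00:00Z host1 app: <login><user>bob</user><src_ip>10.1.2.4</src_ip>'
    '<status>failure</status></login>',
    '<alert severity="high"><rule>brute_force</rule><ip>10.1.2.4</ip><ip>10.1.2.5</ip></alert>',
]

# xmlkv pairs an element name with its direct text content. This regex only
# matches elements whose body contains no further tags, so a container such
# as <login> yields no field of its own (assumption of this model).
LEAF_RE = re.compile(r'<([A-Za-z_][\w.-]*)(?:\s[^>]*)?>([^<]*)</\1>')


def xmlkv(event):
    """Return the fields xmlkv-style extraction yields for one raw event.

    Repeated element names become a multivalue field (returned as a list);
    a leading non-XML prefix is simply skipped, as the regex scans the whole
    event rather than requiring the event to be a well-formed document.
    """
    fields = {}
    for name, text in LEAF_RE.findall(event):
        fields.setdefault(name, []).append(text.strip())
    # Collapse single-value lists to plain strings, as Splunk displays them.
    return {k: (v[0] if len(v) == 1 else v) for k, v in fields.items()}


def spath_attributes(event):
    """What xmlkv cannot give you: attributes on the root element.

    In Splunk, `spath path=alert{@severity}` would reach them; here
    ElementTree plays that role and the keys mimic spath's {@attr} notation.
    """
    root = ET.fromstring(event[event.find('<'):])
    return {f"{root.tag}{{@{k}}}": v for k, v in root.attrib.items()}


def count_by(events, field):
    """Equivalent of `| xmlkv | stats count by <field>` over the events.

    Events that lack the field are skipped, and multivalue fields contribute
    one count per value, matching how stats treats them.
    """
    counts = {}
    for ev in events:
        val = xmlkv(ev).get(field)
        if val is None:
            continue
        for v in (val if isinstance(val, list) else [val]):
            counts[v] = counts.get(v, 0) + 1
    return counts


if __name__ == "__main__":
    for ev in EVENTS:
        print(xmlkv(ev))
    print(spath_attributes(EVENTS[2]))
    print(count_by(EVENTS, "status"))
```

Running the block prints the fields for each event, then the attribute that only the spath-style lookup finds, then the status counts. The point to take away is the third event: xmlkv gives you rule and a multivalue ip, but severity never appears, which is exactly the case where you reach for spath in Splunk.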

Hope this has helped you achieve the requirement below:

Extract Fields from XML logs in Splunk

 

Happy Splunking !!
