
Extract Fields from XML logs in Splunk

We all know that Splunk can handle almost any type of data format. Suppose XML logs are arriving in one of our indexes. Here we will show how to extract fields from that XML log. Below we have given an example:

[Image: raw XML events returned by index=xml sourcetype=xml_log]

In the above image the index name is xml and the sourcetype name is xml_log; that is where the XML format data is coming from.

To extract fields from XML format data we will use the xmlkv command. XML logs consist of key-value pairs: xmlkv takes each element tag name as the key and the element's contents as the value. Run the query below and the fields will be extracted from the XML data automatically.

Query:

index="xml" sourcetype="xml_log"
| xmlkv

[Image: the same events after | xmlkv, with the extracted fields listed in the fields sidebar]

Explanation:

Here we have XML format data. In the above query the index name is xml and the sourcetype name is xml_log. The events are then piped to the xmlkv command, which extracts fields based on the key-value pairs in the XML. As the above image shows, the fields are extracted from those key-value pairs.
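To make the behaviour concrete, here is an added example (not from the original post and not Splunk's own code) that models what xmlkv does to a single event: each leaf element tag becomes a field name, its text becomes the value, and a repeated tag becomes a multivalue field. The sample events and field values are constructed; the helper at the end stands in for a follow-on search such as | xmlkv | search status=failure | stats count by user.

```python
import re

# Constructed sample events in the shape of the XML log described in the post
# (index=xml, sourcetype=xml_log). All values are made up for illustration.
EVENT_1 = """<event>
  <timestamp>2023-05-01T10:15:00Z</timestamp>
  <user>alice</user>
  <action>login</action>
  <status>failure</status>
  <src_ip>10.0.0.5</src_ip>
  <src_ip>10.0.0.6</src_ip>
</event>"""

EVENT_2 = """<event>
  <timestamp>2023-05-01T10:16:00Z</timestamp>
  <user>bob</user>
  <action>login</action>
  <status>success</status>
  <src_ip>10.0.0.7</src_ip>
</event>"""

# Matches <tag>text</tag> where the text contains no child elements, i.e. the
# leaf key-value pairs xmlkv turns into fields. A container element such as
# <event>, which holds only child elements, yields no field of its own.
_KV_RE = re.compile(r"<([A-Za-z_][\w.\-]*)(?:\s[^>]*)?>([^<]+)</\1>")


def xmlkv(raw_event: str) -> dict:
    """Approximation of Splunk's xmlkv: tag name -> field, text -> value.
    Repeated tags are collected into a list, mirroring a multivalue field."""
    fields: dict = {}
    for tag, text in _KV_RE.findall(raw_event):
        value = text.strip()
        if value:  # skip whitespace-only contents
            fields.setdefault(tag, []).append(value)
    return fields


def failed_logins_by_user(events) -> dict:
    """Stand-in for '| xmlkv | search status=failure | stats count by user'."""
    counts: dict = {}
    for raw in events:
        fields = xmlkv(raw)
        if fields.get("status") == ["failure"]:
            for user in fields.get("user", []):
                counts[user] = counts.get(user, 0) + 1
    return counts
```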

Hope this has helped you achieve the requirement below without fail:

Extract Fields from XML logs in Splunk


Happy Splunking !!

Passionate content developer dedicated to producing result-oriented content, a specialist in technical and marketing niche writing!! Splunk Geek is a professional content writer with 6 years of experience and has been working for businesses of all types and sizes. It believes in offering insightful, educational, and valuable content and it's work reflects that.