How to convert the xml log into tabular output in Splunk

0
votes

Am new to splunk and am trying to have the xml log data into splunk and create report.
I have xml data which is being fed to splunk server. below is the format of data am having

<str name=size>3.32mb</str>

I want to extract this details and have this transformed in tabular format. like below Size | 3.32mb

I read something about xmlkv but i think it works on xml data like <size>3.32mb</size> but i am not sure how this will work for my requirement.

Could anyone please help me in understand this and also guide me to achieve this.

Thanks in advance.

1
splunk

1 Answers

0
votes

Assuming that your xml data is in a field called "xml", you can extract what you want with this:

xpath outfield=name field=xml "//str/@name" | spath input=xml output=sizeval path=str | fields name, sizeval

See the splunk help about xpath and spath - the examples are good enough to guide you.