xpath
This documentation does not apply to the most recent version of Splunk.
Synopsis
Extracts the xpath value from field and sets the outfield attribute.
Syntax
xpath string:xpath [field=field] [outfield=field] [default=string]
Arguments
- field
- Datatype: field=<field>
- Description: The field to find and extract the referenced xpath value. Defaults to _raw.
- outfield
- Datatype: outfield=<field>
- Description: The field to write the xpath value. Defaults to xpath.
- default
- Datatype: default=<string>
- Description: If the attribute referenced in xpath doesn't exist, this specifies what to write to outfield.
- xpath
- Datatype: <string>
- Description: Specify the XPath reference.
Description
Sets the value of outfield to the value of the xpath applied to field. If no value could be set, the default value is set. field defaults to _raw; outfield, to xpath; and default, to not setting a default value.
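The semantics described above, emulated in Python over constructed events as an added example (not Splunk's code): it shows outfield being left unset when nothing matches and no default is given. The function names, the small XPath subset handled through ElementTree, and treating unparsable XML as "no value could be set" are assumptions.

```python
import xml.etree.ElementTree as ET

def _evaluate(xml_text, xpath):
    """Return the first match of a small XPath subset (element path, optional /@attr)."""
    if not xml_text:
        return None
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None  # assumption: unparsable XML means "no value could be set"
    doc = ET.Element("_document")  # wrapper so paths can match the root element
    doc.append(root)
    elem_path, sep, attr = xpath.rpartition("/@")
    if not sep:
        elem_path, attr = xpath, None
    elem_path = ("." if elem_path.startswith("/") else "./") + elem_path
    for node in doc.findall(elem_path):
        if attr is None:
            text = (node.text or "").strip()
            if text:
                return text
        elif attr in node.attrib:
            return node.attrib[attr]
    return None

def xpath_command(event, xpath, field="_raw", outfield="xpath", default=None):
    """Apply xpath to event[field]; write the match, or default, to outfield."""
    result = dict(event)
    value = _evaluate(event.get(field), xpath)
    if value is None:
        value = default  # None here means no default was given
    if value is not None:
        result[outfield] = value
    return result

# Constructed sample events (not from the page).
EVENTS = [
    {"_raw": '<foo> <bar name="spock"> </bar> </foo>'},
    {"_raw": "<foo> <bar> </bar> </foo>"},        # attribute missing
    {"_raw": '<foo> <bar name="spock"> </foo>'},  # malformed (unclosed bar)
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(xpath_command(ev, "//bar/@name", outfield="name", default="unknown"))
```

Setting default gives events with a missing attribute or broken XML a visible marker value, so they can be counted downstream rather than carrying no outfield at all.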
Examples
Example 1: Extract the name value from _raw XML events, which might look like this:
<foo> <bar name="spock"> </bar> </foo>
sourcetype="xml" | xpath "//bar/@name" outfield=name
See also
extract, kvform, multikv, rex, xmlkv
This documentation applies to the following versions of Splunk: 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11