Related Answers
Download topic as PDF
xmlkv
Description
The xmlkv command automatically extracts fields from XML-formatted data. For example, if the XML contains the following in its _raw data: <foo>bar</foo>, foo is the key and bar is the value.
For JSON-formatted data, use the spath command.
Syntax
xmlkv maxinputs=<int>
Required arguments
- maxinputs
- Syntax: maxinputs=<int>
- Description: The maximum number of inputs.
Usage
The xmlkv command is a distributable streaming command. See Command types.
Examples
Example 1: Automatically extract fields from XML tags.
... | xmlkv
Example 2: Extract the key-value pairs from the first ten thousand events.
... | xmlkv maxinputs=10000
See also
extract, kvform, multikv, rex, spath, xpath
Answers
Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the xmlkv command.
|
PREVIOUS x11 |
NEXT xmlunescape |
This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.10, 6.3.1, 6.6.9, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 7.0.1, 7.0.11, 7.0.13
Feedback submitted, thanks!