Version: 5.3

spath

Description

Performs a search on XML or JSON strings.

Syntax

spath [input=<field>] [output=<field>] path=<datapath>

Required Arguments

Parameter	Syntax	Description
`input`	`<field>`	Name of the field containing the XML/JSON string.
`path`	`path=<datapath>`	The search pattern for finding the value in XML/JSON.

Optional Arguments

Parameter	Syntax	Default	Description
`output`	`<field>`		The name of the field to store the retrieved value.

Examples

Example 1

In this example, the command extracts the value of the sourcetype field from an XML or JSON string in the raw_event field and saves the result to the myVals field.

... | spath input=raw_event output=myVals path=sourcetype

Example 2

In this example, the command accesses the array element desc by index {1} and returns the found value to the result field.

... | spath input=hello path=vendorProductSet.product.desc{1}

Example 3

In this example, the command traverses a nested path with an array index and extracts the XML attribute @locale from the selected element.

... | spath input=hello path=vendorProductSet.product.desc{1}.locDesc{@locale}

Description​

Syntax​

Required Arguments​

Optional Arguments​

Examples​

Example 1​

Example 2​

Example 3​