Parse data as XML. The specified field will be parsed as XML. Specify field=@rawstring to parse the rawstring into XML. If the specified field does not exist, the event is skipped. If the specified field exists but contains non-XML data, the behavious depends on the strict parameter.
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| field | string | No | @rawstring | Field that should be parsed as XML |
| prefix | string | No | Prefix the name of the fields extracted from XML with the value of this parameter | |
| strict | bool | No | false | specifies if events where the field does not contain valid XML should be filtered out of the result set. Default is non-strict, i.e. to pass the event on with an error flag describing why XML parsing failed. |
field is the unnamed parameter.
If the whole event sent to Humio is XML like this:
<log><service>userService</service><timestamp>2017-12-18T20:39:35Z</timestamp><msg>user with id=47 logged in</msg></log>
parseXml() | parseTimestamp(field=timestamp)
If a field in the incoming event contains XML like this:
2017-12-18T20:39:35Z user id=47 logged in details="<log><service>userService</service><timestamp>2017-12-18T20:39:35Z</timestamp><msg>user with id=47 logged in</msg></log>"\n\n
In the example below the details field is extracted using the kvparse function and then parseXml is used to parse the XML inside the details field.
/(?<timestamp>\S+)/ | parseTimestamp(field=timestamp) | kvParse() | parseXml(field=details)