Channel: Questions in topic: "splunk-enterprise"

How do I pull multiple events in a large XML file

Our vulnerability scanner is only able to provide XML output and I would like to get this into Splunk. The problem I am running into is that each system can have multiple events called audits. I would like to know how to set up the BREAK_ONLY_BEFORE and MUST_BREAK_AFTER parameters to match the audits to each system.

Data format is ` 10.12.60.24CVE-1CVE-210.12.60.25CVE-4CVE-8 `

I would then be able to generate a table that would look like this:

| System | Audit1 | Audit2 |
|---|---|---|
| 10.12.60.24 | CVE-1 | CVE-2 |
| 10.12.60.24 | CVE-4 | CVE-8 |

Regards,
Scott
