Hi,
I would like to extract the XML field value from an XML string from the log and include it in the search. What is the best way to do that?
Currently, whenever a request is posted, I am searching with the id, but I want to create a dynamic search such that whenever a new employee is added, I can see it in the Splunk search.
I tried the field extractor regex `(^(?:[^>\n]*>){4}(?P\w+))`, but I am not sure how I can use this regex in the search box.
Sample XML:
TEST001