Topics

| pdf version

Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

Output formats via XML

This documentation does not apply to the most recent version of Splunk.

This documentation applies to the following versions of Splunk: 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12

Output formats via XML

Splunk's REST endpoints provide two different XML response formats: generic and ATOM based. In addition, some search endpoints are capable of returning other formats including CSV, raw text, XML, and JSON. Use output_mode, as described in search jobs to specify the format for search results.


Example Generic Response 

<response>
	<parentNode>
		<dataNode></dataNode>
		<dataNode></dataNode>
		<dataNode></dataNode>
	</parentNode>
</response>

Example Generic Response with Messaging 

<response>
	<messages>
		<msg type="DEBUG">this is a message</msg>
		<msg type="INFO">this is a message</msg>
		<msg type="WARN">this is a message</msg>
		<msg type="ERROR">this is a message</msg>
		<msg type="SIGNAL">this is a message</msg>
		<msg type="PERSISTENT">this is a message</msg>
	</messages>
</response>

Generic Response with Messaging (via error codes) 

<response>
	<messages>
		<msg type="DEBUG" code="1001"></msg>
		<msg type="INFO" code="2038">
			<param name="username">mildred</msg>
			<param name="action">edit</msg>
		</msg>
	</messages>
</response>

Example Atom Feed Response 

<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
    <title>properties</title>
    <id>https://localhost:8089/services/properties</id>
    <updated>2008-01-29T11:40:58-0800</updated>
    <generator version="31758"/>
    <author>
        <name>Splunk</name>
    </author>
    <entry>
        <title>alert_actions</title>
        <id>https://localhost:8089/services/properties/alert_actions</id>
        <updated>2008-01-29T11:40:58-0800</updated>
        <link href="https://localhost:8089/services/properties/alert_actions" rel="alternate"/>
    </entry>
    <entry>
        <title>api</title>
        <id>https://localhost:8089/services/properties/api</id>
        <updated>2008-01-29T11:40:58-0800</updated>
        <link href="https://localhost:8089/services/properties/api" rel="alternate"/>
    </entry>
</feed>

Example Atom Feed with Messaging 

<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
    <s:messages>
        <s:msg type="ERROR">this is a message</s:msg>
        <s:msg type="INFO">this is a message</s:msg>
    </s:messages>
    <title>properties</title>
    <id>https://localhost:8089/services/properties</id>
    <updated>2008-01-29T11:40:58-0800</updated>
    <generator version="31758"/>
    <author>
        <name>Splunk</name>
    </author>
    <entry>
        <s:messages>
            <s:msg type="ERROR">this is a message</s:msg>
            <s:msg type="INFO">this is a message</s:msg>
        </s:messages>
        <title>alert_actions</title>
        <id>https://localhost:8089/services/properties/alert_actions</id>
        <updated>2008-01-29T11:40:58-0800</updated>
        <link href="https://localhost:8089/services/properties/alert_actions" rel="alternate"/>
    </entry>
    <entry>
        <title>api</title>
        <id>https://localhost:8089/services/properties/api</id>
        <updated>2008-01-29T11:40:58-0800</updated>
        <link href="https://localhost:8089/services/properties/api" rel="alternate"/>
    </entry>
</feed>

Example Atom Entry Response 

<?xml version="1.0" encoding="UTF-8"?>
<entry xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
    <title>alert_actions</title>
    <id>https://localhost:8089/services/properties/alert_actions</id>
    <updated>2008-01-29T11:40:58-0800</updated>
    <link href="https://localhost:8089/services/properties/alert_actions" rel="alternate"/>
</entry>
Retrieved from "http://www.splunk.com/base/Documentation/3.4.12/Developer/OutputFormatsViaXML"
Start | Prev: Get started | Next: SDKs
Revision: 207 | Contact | Privacy Policy | Terms of Use | Community content licensed under Creative Commons

Copyright © 2005-2009 Splunk Inc. All rights reserved.