Databases Reference
In-Depth Information
It would be much simpler to use the
table
command instead of writing an event
renderer. This approach is only appropriate when you need a very specific rendering
or still need access to
workflow
actions. For another approach, check out the
Table
and
Multiplexer
modules available in the app
Sideview Utils
.
Pretty print XML
In this example, we will use Python's
minidom
module to parse and "pretty print"
XML, if possible. The template will look for a field called
xml
, or fallback to
_raw
.
Let's look through the files included in
ImplementingSplunkExtendingExamples
.
The template file, located at
appserver/event_renderers/xml.html
, contains the
following lines of code:
<%inherit file="//results/EventsViewer_default_renderer.html" />\
<%def name="event_raw(job, event, request, options, xslt)">\
<%
from xml.dom import minidom
import sys
def escape(i):
return i.replace("<", "<").replace(">", ">")
_xml = str( event.fields.get('xml', event.fields['_raw']) )
try:
pretty = minidom.parseString(_xml).toprettyxml(indent=' '*4)
pretty = escape( pretty )
except Exception as inst:
pretty = escape(_xml)
pretty += "\n(couldn't format: " + str( inst ) + ")"
%>
<pre class="xml_eventtype">${pretty}</pre>
</%def>
Our entry in
event_renderers.conf
is as follows:
[xml]
eventtype = xml
template = xml.html
Our entry in
eventtypes.conf
is as follows:
[xml]
search = sourcetype="xml_example"
Search WWH ::
Custom Search