Import GPX into Splunk

Problem

  • You want to import a GPX File into Splunk
  • You want to define a special sourcetype

Solution

This is the example

<?xml version=”1.0″ encoding=”UTF-8″?>
<gpx version=”1.1″ xsi:schemaLocation=”http://www.topografix.com/GPX/1/1 http://www.topografix.com/GPX/1/1/gpx.xsd&gt;
<trk>
<trkseg>
<trkpt lon=”13.7235536575317383″ lat=”51.0877876281738281″>
<ele>154.0</ele>
<time>2016-04-29T15:39:38.000Z</time>
</trkpt>
<trkpt lon=”13.7235345840454102″ lat=”51.0876770019531250″>
<ele>155.0</ele>
<time>2016-04-29T15:39:47.000Z</time>
</trkpt>
<trkpt lon=”13.7242536544799805″ lat=”51.0879554748535156″>
<ele>152.0</ele>
<time>2016-04-29T15:40:11.000Z</time>
</trkpt>
<trkpt lon=”13.7242536544799805″ lat=”51.0879554748535156″>
<ele>152.0</ele>
<time>2016-04-29T15:40:13.000Z</time>
</trkpt>
<trkpt lon=”13.7242908477783203″ lat=”51.0884094238281250″>
<ele>149.0</ele>
<time>2016-04-29T15:40:29.000Z</time>
</trkpt>
</trkseg>
</trk>
</gpx>

Go to the Splunk preferences and add a new sourcetype with the following properties:

BREAK_ONLY_BEFORE = <trkpt

KV_MODE = xml

NO_BINARY_CHECK = true

SHOULD_LINEMERGE = true

pulldown_type = true

FIELDALIAS-rootfields = trkpt.ele as Hight trkpt{@lat} as Latitude trkpt{@lon} as Longitude

This will create events based on TrackPoint. In addition, latitude, longitude and hight will be extracted as extra fields.

gpx

If you want to include RoutePoints (see GPX Wikipedia), you only have to change the BREAK_ONLY_BEFORE  from <trkpt to <\w\w\wpt 

timechart

Fin.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s