使用 Python xml.etree.ElementTree 从 xml 文件中按名称获取元素值
我正在使用 python-evtx 模块来解析 Windows 事件日志。我使用 xml.etree.ElementTree 将输出转换为 XML,然后尝试解析每个条目以按名称从某个键值获取值。
我有以下代码来显示不同的键值和我想要访问的文本;
import xml.etree.ElementTree as ET
tree = ET.parse('xmlfile1.txt')
root = tree.getroot()
for x in root[1]:
print(x.tag, x.attrib, x.text)
输出看起来像这样。
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'IpAddress'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'IpPort'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'ImpersonationLevel'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'RestrictedAdminMode'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'TargetOutboundUserName'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'TargetOutboundDomainName'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'VirtualAccount'} %%1843
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'TargetLinkedLogonId'} 0x0000000000000000
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'ElevatedToken'} %%1842
我想做的是能够获取特定键值的值,例如“{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'IpAddress '} -" ,但无法弄清楚如何通过键名获取值。
如何从 xml.etree.ElementTree 获取 xml 输出并从特定键/元素获取文本值?
I am using the python-evtx module to parse Windows event logs. I am converting the output to XML using xml.etree.ElementTree and then trying to parse through each entry to get the value from a certain key value by its name.
I have the following code to show the different key values with the text I want to access;
import xml.etree.ElementTree as ET
tree = ET.parse('xmlfile1.txt')
root = tree.getroot()
for x in root[1]:
print(x.tag, x.attrib, x.text)
The output looks like this.
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'IpAddress'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'IpPort'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'ImpersonationLevel'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'RestrictedAdminMode'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'TargetOutboundUserName'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'TargetOutboundDomainName'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'VirtualAccount'} %%1843
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'TargetLinkedLogonId'} 0x0000000000000000
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'ElevatedToken'} %%1842
What I am trying to do is be able to get the value of a particular key value such as "{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'IpAddress'} -" , but cannot figure out how to get a value by the key name.
How can get take the xml output from xml.etree.ElementTree and get the text value from a particular key/element?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
使用 XPath 和命名空间映射。
http://schemas.microsoft.com/win/2004/08/events/event命名空间中的所有元素都需要 XPath 中相应的命名空间前缀(我选择了e:,但只要它解析为正确的名称空间 URI,这是任意的),否则将找不到它们。Use XPath and a namespace map.
All the elements that are in the
http://schemas.microsoft.com/win/2004/08/events/eventnamespace need the respective namespace prefix in the XPath (I chosee:, but that's arbitrary as long as it resolves to the right namespace URI), otherwise they will not be found.