Get element value by name from xml file using Python xml.etree.ElementTree-CodePudding

I am using the python-evtx module to parse Windows event logs. I am converting the output to XML using xml.etree.ElementTree and then trying to parse through each entry to get the value from a certain key value by its name.

I have the following code to show the different key values with the text I want to access;

import xml.etree.ElementTree as ET

tree = ET.parse('xmlfile1.txt')
root = tree.getroot()

for x in root[1]:
     print(x.tag, x.attrib, x.text)

The output looks like this.

{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'IpAddress'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'IpPort'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'ImpersonationLevel'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'RestrictedAdminMode'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'TargetOutboundUserName'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'TargetOutboundDomainName'} -
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'VirtualAccount'} %43
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'TargetLinkedLogonId'} 0x0000000000000000
{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'ElevatedToken'} %42

What I am trying to do is be able to get the value of a particular key value such as "{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'IpAddress'} -" , but cannot figure out how to get a value by the key name.

How can get take the xml output from xml.etree.ElementTree and get the text value from a particular key/element?

CodePudding user response：

What I am trying to do is be able to get the value of a particular key value such as "{http://schemas.microsoft.com/win/2004/08/events/event}Data {'Name': 'IpAddress'} -"

Use XPath and a namespace map.

import xml.etree.ElementTree as ET

ns_map = {
  'e': 'http://schemas.microsoft.com/win/2004/08/events/event'
}

tree = ET.parse('xmlfile1.txt')

# specific node
ip_address = tree.find('.//e:EventData/e:Data[@Name="IpAddress"]', ns_map)
if ip_address:
    print(ip_address.text)

# multiple nodes
for data in tree.iterfind('.//e:EventData/e:Data', ns_map):
   print(data.attrib['Name'], data.text)

All the elements that are in the http://schemas.microsoft.com/win/2004/08/events/event namespace need the respective namespace prefix in the XPath (I chose e:, but that's arbitrary as long as it resolves to the right namespace URI), otherwise they will not be found.