OK, so store_xml has to be true. Would you please help me by giving the XPath syntax applied to my data below (just one line would be really helpful), say, extracting the IP address and its value? Here is the XML of the syslog message, if needed:
<?xml version="1.0" encoding="utf-8"?>
<UpdateEvents>
<MachineInfo>
<AgentGUID>{cfe0cba8-5f98-11eb-31fd-04ea56651f3a}</AgentGUID>
<MachineName>HOSTNAME</MachineName>
<RawMACAddress>04EAAJBBS6788GG</RawMACAddress>
<IPAddress>x.x.x.x</IPAddress>
<AgentVersion>9.9.10.19</AgentVersion>
<OSName>Windows 10</OSName>
<TimeZoneBias>-480</TimeZoneBias>
<UserName>Mrs. abc</UserName>
</MachineInfo>
<McAfeeCommonUpdater ProductName="McAfee Agent" ProductVersion="5.0.0" ProductFamily="TVD">
<UpdateEvent>
<EventID>2401</EventID>
<Severity>0</Severity>
<GMTTime>2021-06-14T04:05:23</GMTTime>
<ProductID>AMCORDAT2000</ProductID>
<Locale>0409</Locale>
<Error>0</Error>
<Type>AMCore</Type>
<Version>4466.0</Version>
<InitiatorID>EPOAGENT3000</InitiatorID>
<InitiatorType>UpdateTask</InitiatorType>
<SiteName>McAfeeHttp</SiteName>
<Description>N/A</Description>
</UpdateEvent>
</McAfeeCommonUpdater>
</UpdateEvents>
Thank you,
Devashish Singh
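
Added example, not part of the original post: field extraction from the event above with Python's standard-library `xml.etree.ElementTree`, which supports a subset of XPath; the equivalent full XPath 1.0 expressions are given in the comments. The function name `extract_fields` and the output field names are hypothetical, and the sample is a trimmed copy of the XML in the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the XML in the post above.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<UpdateEvents>
  <MachineInfo>
    <MachineName>HOSTNAME</MachineName>
    <IPAddress>x.x.x.x</IPAddress>
  </MachineInfo>
  <McAfeeCommonUpdater ProductName="McAfee Agent" ProductVersion="5.0.0" ProductFamily="TVD">
    <UpdateEvent>
      <EventID>2401</EventID>
      <GMTTime>2021-06-14T04:05:23</GMTTime>
    </UpdateEvent>
  </McAfeeCommonUpdater>
</UpdateEvents>"""

# Hypothetical field name -> path relative to the <UpdateEvents> root element.
# Full XPath 1.0 form of the first entry: /UpdateEvents/MachineInfo/IPAddress/text()
ELEMENT_PATHS = {
    "ip_address": "MachineInfo/IPAddress",
    "machine_name": "MachineInfo/MachineName",
    "event_id": "McAfeeCommonUpdater/UpdateEvent/EventID",
    "gmt_time": "McAfeeCommonUpdater/UpdateEvent/GMTTime",
}
# (field name, element path, attribute) for values stored as attributes.
# Full XPath 1.0 form: /UpdateEvents/McAfeeCommonUpdater/@ProductName
ATTRIBUTE_PATHS = [("product_name", "McAfeeCommonUpdater", "ProductName")]


def extract_fields(xml_text):
    """Return a dict of extracted fields, or None if the payload is rejected."""
    # Syslog payloads are untrusted input: refuse DTDs and entity declarations.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return None
    try:
        root = ET.fromstring(xml_text.strip().encode("utf-8"))
    except ET.ParseError:
        return None
    if root.tag != "UpdateEvents":
        return None
    fields = {name: root.findtext(path) for name, path in ELEMENT_PATHS.items()}
    for name, path, attr in ATTRIBUTE_PATHS:
        node = root.find(path)
        fields[name] = node.get(attr) if node is not None else None
    return fields
```

A path that matches nothing yields `None` for that field, so a missing `<IPAddress>` does not abort extraction of the other values.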