Reputation: 2119
How to parse XML log file in logstash
I am having a sample log file like below
<error message="file missing">
<value>01</value>
</error>
<dealer id="01" data="some text">Approved</dealer>
I want to parse the above code and want to display the data in Kibana like @message="file missing", @value="01", @dealer_id="01", @dealer_data = "some text".
I am new to ELK framework . I have tried using xpath filters but no luck if anyone help me with sample code means it would be a great help.
Upvotes: 2
Views: 8616
Answers (2)
Reputation: 334
Fetching data can be done with xpath like this :
xml {
source => "message"
store_xml => false
xpath => {
"//site/text()" => "site"
"//dateCreation[1]/text()" => "date_creation"
"//commande:Tiers[1]/identifiant/text()" => "tiers_id"
}
}
Then every result of the xpath is stored in the targeted field You might replace/delete then existing field of your event to keep only the needed data.
Upvotes: 5
Reputation: 16362
If your sample is one message, it needs a container, e.g.:
<foo>
<error message="file missing">
<value>01</value>
</error>
<dealer id="01" data="some text">Approved</dealer>
<foo>
This xml{} filter will process that (note "message" instead of your "@message")
filter {
xml {
source => "message"
}
}
Upvotes: 0
Related Questions
- Parsing JSON to Kibana using Grok Filter
- grok pattern to parse the logs in logstash
- Parsing XML file using Logstash
- Logstash error: parsing xml file
- Grok for parsing log4j log
- Logstash filtering using grok
- How to parse multi line XML in logstash?
- Parsing JSON file into logstash
- How to parse a xml-file with logstash filters
- Logstash reading in XML files to Elasticsearch