A lack in the logstash documentation?

michaelprem · July 31, 2018, 11:37am

Hello!
I am new to logstash, and was trying to process some XML records that I have in a database, a record in each cell.
(the goal is indexing them in elasticsearch.)

The xml filter plugin was an obvious choice, with the xpath option. And from the documentation and many examples out there, I understood that, given my setup, every record will in turn populate the "message" field.

The problem was that none of my destination fields defined in the xpath hashes were ever making it to the output.

Then I found that my XML documents actually populate a source field called "xml", which is not documented anyway. source => "xml" seems to work.

Is there a lack in the documentation, or something I simply overlooked?

Michael

Badger · July 31, 2018, 12:39pm

It is normal for events to contain a field called message (although there are exceptions). Events may also contain other fields, and nobody else can predict what other fields your events will contain. As a result, the examples in the documentation that require an input field tend to use "message" as the source. What else could they do?

system · August 28, 2018, 12:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
XML XPath filter is parsing fields but not inserting in Elasticsearch Logstash	9	1921	April 11, 2018
XML filter help Logstash	5	1545	July 6, 2017
XML filter issue Logstash	9	455	April 13, 2018
Always create fields defined by Xpath Logstash	1	553	April 13, 2017
Parsing XML File -> xpath does not parse all fields in "event_data" Logstash	4	629	April 8, 2020

A lack in the logstash documentation?

Related topics