Apologies if this is a bit of a noddy question (I am a noob to this) but I couldn't find anything in the docs or the great G that really gave me a good answer to this problem....
In some of my logs I have events containing XML. I want to be able to identify the value of an element and create a new field containing the value.
Example event in log:
INFO 2013-09-11 10:52:03,381 [[SmokeTest_0906-v20130906-10+25].x_to_bss_evt.stage1.22] (TranslateDealId.java:50) - Received raw message from x: <?xml version="1.0" encoding="utf-8"?><rm:Message SchemaVersion="1.09" xmlns:rm=".xyz Domain Names | Join Generation XYZ">EVT-Title-Updated</MessageType>
.....etc
I want to be able to create a field CORRELATIONID from the element 115200591009311965 and have it populate the value of the element into the field.
So, in this case the CORRELATIONID flag would have a value 115200591009311965.
I had a look at grok methods using regex but could not see a way to do it.
On 12 Sept 2013 at 17:19, Alexander Reelsen alr@spinscale.de wrote:
Hey,
as Elasticsearch only parses JSON, you would have to convert the XML to JSON before indexing it into Elasticsearch. One possibility is to do this in your application code; the other would be using regexes as you mentioned. The pattern replace char filter might be what you are searching for. See
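The two approaches from the thread side by side, as an added example that is not code from either poster: a grok-style regex over the raw line, and cutting the XML payload out of the line and parsing it. The element name CorrelationId, the namespace URI urn:example:rm and the reconstructed <rm:MessageType> opening tag are assumptions, since the real tags were lost when the post was rendered.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample events modelled on the log line in the question. The
# element name CorrelationId and the namespace URI are assumptions.
PREFIX = ('INFO 2013-09-11 10:52:03,381 [[SmokeTest_0906-v20130906-10+25].x_to_bss_evt'
          '.stage1.22] (TranslateDealId.java:50) - Received raw message from x: '
          '<?xml version="1.0" encoding="utf-8"?>'
          '<rm:Message SchemaVersion="1.09" xmlns:rm="urn:example:rm">'
          '<rm:MessageType>EVT-Title-Updated</rm:MessageType>')
SAMPLE_EVENT = PREFIX + '<rm:CorrelationId>115200591009311965</rm:CorrelationId></rm:Message>'
# Same value wrapped in CDATA: legal XML that a flat regex will not see.
CDATA_EVENT = PREFIX + ('<rm:CorrelationId><![CDATA[115200591009311965]]>'
                        '</rm:CorrelationId></rm:Message>')

# Refuse oversized payloads: the stdlib parser is not hardened against
# entity-expansion bombs, so bound what a single log line may feed it.
MAX_PAYLOAD = 64 * 1024


def extract_with_regex(line, element):
    """Grok-style extraction straight from the raw line.

    Tolerates a namespace prefix and attributes on the tag, but misses CDATA,
    comments and entity-encoded text, so it only fits a fixed, known producer.
    """
    tag = r'(?:\w+:)?' + re.escape(element)
    m = re.search(r'<' + tag + r'\b[^>]*>([^<]*)</' + tag + r'>', line)
    return m.group(1).strip() if m else None


def extract_with_parser(line, element):
    """Cut the XML payload out of the line and parse it as XML.

    Returns the text of the first element whose local name matches, whatever
    namespace prefix the producer used. Malformed (e.g. truncated) payloads
    yield None rather than a guessed value.
    """
    start = line.find('<?xml')
    if start < 0 or len(line) - start > MAX_PAYLOAD:
        return None
    try:
        root = ET.fromstring(line[start:])
    except ET.ParseError:
        return None
    for node in root.iter():
        if node.tag.rsplit('}', 1)[-1] == element:  # drop the '{uri}' part
            return (node.text or '').strip()
    return None


def correlation_id(line):
    """Value for the CORRELATIONID field: parser first, regex as fallback."""
    return (extract_with_parser(line, 'CorrelationId')
            or extract_with_regex(line, 'CorrelationId'))
```

Whichever approach is used, do the extraction before indexing (in the shipper or application code) so the field arrives as JSON, as the reply notes.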