Create separate documents from xml file

Elastic Stack Logstash
1

Hi, I have an xml file , and want to parse it to logstash . is it possible to create a separate documents for each tag ? here is my xml file:

<xmldata>
    <head1>
        <key1>Value1</key1>
       <key2> Value2 </key2>
       <id> 00001 </id>
       <date> 01-01-2016 09:00:00 </date>
    </head1>
   <ReportItems>
         <ReportItem>
              <Name>SqlInjection</Name>
        </ReportItem>
        <ReportItem>
            <Name>XSS </Name>
       </ReportItem>
   </ReportItems>
</xmldata>

Here is my logstash config file :

input {
  file {
       path => "/home/user/test.xml"
       start_position => "beginning"
       sincedb_path => "/dev/null"

       codec => multiline  {

               pattern => "^<xmldata>"
               negate => "true"
               what => "previous"
        }
      }
}

filter{

    xml{
      target => "xml_content"
       store_xml => false
       source => "message"
       xpath =>
       [
       "/xmldata/head1/key1/text()", "key1",
       "/xmldata/head1/key2/text()", "key2",
       "/xmldata/ReportItems/ReportItem/Name/text()", "Name"
       ]
      }

      mutate {
         remove_field => ["message"]
      }

     date {
       match => [ "date", "dd-MM-yyyy HH:mm:ss" ]
       timezone => "Europe/Amsterdam"
          }
}

output{
      elasticsearch {
      hosts => ["localhost:9200"]
      }

}

Thanks.

2

The split filter can split the elements of an array into one document per item, so if you use the xml filter and possibly others filters to craft such an array the split filter will take care of the rest.

3

Thank you so much, it works :smiley:

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.