Custom Multiline Parsing

Naveesh_Doolhur · September 3, 2019, 8:54pm

I have a Log file as follows:

===================================== REQUEST 03-09-2019 01:12:25.808599 REF:5001462 =========================================
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Service2>
    <Rqst>
        <MsgHdr>
            <Version>006</Version>
            <TimeGMT>2019090221123353</TimeGMT>
        </MsgHdr>
    </Rqst>
</Service2>

===================================== RESPONSE 03-09-2019 01:12:27.434655 Ref:5001462 =========================================
<Service2><Resp><MsgHdr><Version>006</Version><TimeGMT>20190903011227</TimeGMT></MsgHdr></Resp></Service2>

There is a request and then a response. Any idea how it can be parsed? I would need the whole Request XML and Response XML in a single row as well as the request and response time. Both have the same Ref field.

Thanks

Badger · September 4, 2019, 12:02pm

I would start with

    grok {
        match => { "message" => "=+ %{DATA:header} =+
%{GREEDYDATA:[@metadata][xml]}" }
    }
    xml { source => "[@metadata][xml]" target => "theXML" force_array => false }

system · October 2, 2019, 12:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Not able to parse custom logs having multi line xml Logstash	15	4240	December 22, 2017
Parsing multiline logs : line + xml Logstash	10	6634	July 6, 2017
LOGSTASH - MULTILINE XML IN LOG Logstash	1	298	September 2, 2021
Need help with parsing multiline XML file Logstash	4	2894	July 6, 2017
Need help with Parsing Multiline StackTrace Logstash	5	2796	July 31, 2019

Custom Multiline Parsing

Related topics