Difficulties to parse/filter on xml file

juju · June 14, 2015, 3:45pm

Hello,

I'm trying to parse a xml file (Export of Arbor Alerts. example here http://pastebin.com/jpQWMbjz)
but it currently fails. Either Most lines are going unparsed into kibana, either nothing get inserted in elasticsearch

Trouble parsing xml with XmlSimple {:source=>"message", :value=>"</peakflow>", :exception=>#<REXML::ParseException: #<REXML::ParseException: Missing end tag for '' (got "peakflow")

Line: 1
Position: 11

As the source file is validate xmlint, I', thinking it's more the multiline rule which is not getting extract correctly (but it shouldn't matter on xml source...)

Manual call

cat /vagrant/example-logs/Arbor-Alerts.xml | /opt/logstash/bin/logstash -f /vagrant/confs/logstash/logstash.conf

You can find the vagrant box and the configuration I use here

Also tried with this ELK configuration to check if it was my setup

but same results

Any hints?

Thanks

Joshua_Rich · June 15, 2015, 6:47am

I believe the xml filter expects the XML to appear more stream-like and less human-readable if that makes sense What happens if you avoid your xmlint call and ensure the XML input does not have extra whitespace in it (including newlines)?

juju · June 18, 2015, 12:32am

I tried "cleaning" file with

$ tidy -xml -q file1.xml | tr -d '\n' > file2.xml

the output is one line without indent or extra new line

I resubmit file with and without disabling multiline but got nothing import and no debug output either (with either output: debug or elasticsearch)

Topic		Replies	Views
Using logstash Logstash	8	1822	July 6, 2017
Problems with parsing XML log files with XML filter of Logstash Logstash	8	1623	July 6, 2017
Not able to parse custom logs having multi line xml Logstash	15	4299	December 22, 2017
Can i use file filter for xml docs Logstash	12	2916	July 6, 2017
XML to Elasticsearch through Logstash Logstash	3	436	May 4, 2018

Difficulties to parse/filter on xml file

Related topics