DMARC XML FIle

Wilks · January 8, 2020, 2:31pm

Hi All,
I am trying to send dmarc logs to elasticsearch and running into some issues with the logstash config. Logstash only appears to process the first few lines of the xml log file as per below.

It seems to be something with the pattern => "^<?feedback.*>" but I could be wrong. Below is the Logstash config

input {
file {
path => "/var/cache/dmarc-reports/*.xml"
start_position => "beginning"
discover_interval => "1"
tags => ["dmarc-reports"]
codec => multiline {
pattern => "^<?feedback>"
negate => true
what => "previous"
}
}
}
filter {
xml {
#store_xml => "false"
target => "dmarc"
source => "message"
}
}
output {
elasticsearch {
hosts => ["10.10.10.34:9200"]
http_compression => "true"
index => "dmarc-%{+YYYY.MM.dd}"
}
stdout { codec => rubydebug }

Wilks · January 8, 2020, 2:35pm

The XML is the following:

Wilks · January 8, 2020, 5:09pm

Nevermind Figured it out

system · February 5, 2020, 5:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
XML Input Issues Logstash	28	4837	April 9, 2018
How to capture XML files in email attachment using IMAP - for DMARC Reporting Logstash	2	779	December 12, 2018
_dateparsefailure when parsing XML with logstash Logstash	5	532	October 16, 2018
Need help in parsing DMARC report in XML format Logstash	10	1565	December 31, 2018
Logstash XML file not parsing Logstash	3	134	February 27, 2024

DMARC XML FIle

Related topics