Hi guys,
I have a problem extracting a timestamp from an XML document. The timestamp information is nested in an XML comment. Here is an example of this XML comment.
Export created at 2017-11-10 14:01:59Z by SPIDSS IMS Template Release 'CSMD Mietkautionskontoinhaber' / SpdmsIdsTemplateRelease.1.28.05, Version=1.28.6494.14187, Culture=neutral, PublicKeyToken=null (build date: 2017-10-12 08:52:54Z)
Normally this information is in an XML comment, but when I try to copy it in its full context, the example is not shown here.
I am interested in the timestamp information which is displayed here in bold!
To read the XML file, I decided to read it with a normal file input plugin.
input {
  file {
    path => "C:/ELK/Manually_Reports/XML/*.xml"
    start_position => "beginning"
    tags => ["XML"]
    # Lines that start with an ISO8601 timestamp are appended to the previous event
    codec => multiline {
      pattern => "^%{TIMESTAMP_ISO8601} "
      negate => false
      what => previous
    }
  }
}
But I don't know how I can get the timestamp information.
I tried to build a grok filter match, but my attempt failed.
It would be very nice if one of you could help me.
Thanks for your time and help!
Regards
Simon
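
As an added example that is not part of the original post: a Python sketch of pulling the export timestamp (and the build date) out of the XML comment shown above, so the extraction logic can be checked before it is turned into a grok pattern. The surrounding XML document, the line wrapping of the comment, and all function and field names are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the comment text from the post, wrapped over several
# lines and placed in a minimal XML document (the document itself is assumed).
SAMPLE_XML = """<?xml version="1.0" encoding="utf-8"?>
<!-- Export created at 2017-11-10 14:01:59Z by SPIDSS IMS Template Release
     'CSMD Mietkautionskontoinhaber' / SpdmsIdsTemplateRelease.1.28.05,
     Version=1.28.6494.14187, Culture=neutral, PublicKeyToken=null
     (build date: 2017-10-12 08:52:54Z) -->
<export><record id="1"/></export>
"""

# DOTALL lets a comment span several physical lines.
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
TS = r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})Z"
EXPORT_RE = re.compile(r"Export created at " + TS)
BUILD_RE = re.compile(r"build date: " + TS)


def _parse_utc(text):
    """Parse 'YYYY-MM-DD HH:MM:SS' (the trailing Z already stripped) as UTC."""
    parsed = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)


def extract_export_times(xml_text):
    """Return the timestamps of the first export comment, or None.

    Only text inside <!-- ... --> is searched, so the same phrase appearing
    in element content is not mistaken for the export header.
    """
    for comment in COMMENT_RE.finditer(xml_text):
        body = comment.group(1)
        created = EXPORT_RE.search(body)
        if not created:
            continue  # some other comment; keep looking
        build = BUILD_RE.search(body)
        return {
            "export_created": _parse_utc(created.group(1)),
            "build_date": _parse_utc(build.group(1)) if build else None,
        }
    return None


if __name__ == "__main__":
    print(extract_export_times(SAMPLE_XML))
```
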