Filtering and Processing XML Logs in Logstash for JSON Conversion

ayushyadav685 · July 4, 2024, 5:56am

Hi All,

I want to use only a few parameterized XML tags to convert into JSON and remove all other parameterized tags before processing.

My XML log looks like this:

<a>
    <b direction="outgoing">
      <c id="0" value="1"/>
      <c id="3" value="2"/>
      <c id="4" value="3"/>
      <c id="11" value="4"/>
      <c id="12" value="5"/>
    </b>
</a>

I only need the tags with id=0 and id=3 and want to remove the remaining tags before processing the XML log for JSON migration.

This is how my XML logs should be processed:

<a>
    <b direction="outgoing">
      <c id="0" value="1"/>
      <c id="3" value="2"/>
    </b>
</a>

Badger · July 4, 2024, 11:43am

You could try something like

    xml {
        source => "message"
        store_xml => true
        target => "theXML"
        force_array => false
    }
    ruby {
        code => '
            xml = event.get("theXML")
            c = xml["b"]["c"]
            if c.is_a? Array
                keep = ["0", "3"]
                c.each_with_index { |x, i|
                    unless keep.include? x[id]
                        event.remove("[theXML][b][c][#{i}]")
                    end
                }
            end
        '
    }

Topic		Replies	Views
XML filter issue Logstash	9	455	April 13, 2018
XML filter - processing of an array of values Logstash	5	520	September 14, 2021
Iterating over certain field extracted from xml to do few operations like remove and replace Logstash	1	284	January 6, 2020
Need to improve my ruby code to convert the data in right format Logstash	3	356	November 25, 2021
Logstash expecting \n for it to process an XML Logstash	8	677	October 25, 2017

Filtering and Processing XML Logs in Logstash for JSON Conversion

Related topics