Filtering and Processing XML Logs in Logstash for JSON Conversion

ayushyadav685 · July 4, 2024, 5:56am

Hi All,

I want to use only a few parameterized XML tags to convert into JSON and remove all other parameterized tags before processing.

My XML log looks like this:

<a>
    <b direction="outgoing">
      <c id="0" value="1"/>
      <c id="3" value="2"/>
      <c id="4" value="3"/>
      <c id="11" value="4"/>
      <c id="12" value="5"/>
    </b>
</a>

I only need the tags with id=0 and id=3 and want to remove the remaining tags before processing the XML log for JSON migration.

This is how my XML logs should be processed:

<a>
    <b direction="outgoing">
      <c id="0" value="1"/>
      <c id="3" value="2"/>
    </b>
</a>

Badger · July 4, 2024, 11:43am

You could try something like

    xml {
        source => "message"
        store_xml => true
        target => "theXML"
        force_array => false
    }
    ruby {
        code => '
            xml = event.get("theXML")
            c = xml["b"]["c"]
            if c.is_a? Array
                keep = ["0", "3"]
                c.each_with_index { |x, i|
                    unless keep.include? x[id]
                        event.remove("[theXML][b][c][#{i}]")
                    end
                }
            end
        '
    }

Topic		Replies	Views
XML filter - processing of an array of values Logstash	5	518	September 14, 2021
Need to improve my ruby code to convert the data in right format Logstash	3	356	November 25, 2021
Split and store tags Logstash	3	177	July 12, 2021
XML Filter Output to Ruby Code Logstash	8	590	December 1, 2020
Logstash xml filter ruby cleanup code help Logstash	4	512	August 17, 2021

Filtering and Processing XML Logs in Logstash for JSON Conversion

Related Topics