Use an xml filter with store_xml => true to parse the XML completely. Then you can access the whole XML structure via fields. If you use a stdout { codec => rubydebug } output to dump the raw event produced by Logstash it'll be easier to help.
Use an xml filter with store_xml => true to parse the XML completely. Then you can access the whole XML structure via fields. If you use a stdout { codec => rubydebug } output to dump the raw event produced by Logstash it'll be easier to help.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.