How to logstash filter xml

Badger · January 20, 2020, 9:41pm

With that XML you could use

xml { source => "message" target => "theXML" force_array => false remove_field => [ "message" ] }
mutate {
    add_field => {
        "LogID" => "%{[theXML][TransferLogDetailForExport][LogID]}"
        "LogDateTime" => "%{[theXML][TransferLogDetailForExport][LogDateTime]}"
    }
}
split { field => "[theXML][Vouchers]" }
ruby {
    code => '
        event.get("[theXML][Vouchers]").each { |k, v| event.set(k, v) }
        event.remove("[theXML]")
    '
}

to produce

{
    "VoucherID" => "2",
  "LogDateTime" => "2020-01-07T17:00:47",
   "@timestamp" => 2020-01-20T21:39:34.862Z,
"VoucherTypeID" => "24",
         "Used" => "1",
   "ComputerID" => "0",
        "LogID" => "15237"
}
{
    "VoucherID" => "3",
  "LogDateTime" => "2020-01-07T17:00:47",
   "@timestamp" => 2020-01-20T21:39:34.862Z,
"VoucherTypeID" => "24",
         "Used" => "1",
   "ComputerID" => "0",
        "LogID" => "15237"
}

etc.

Topic		Replies	Views
Please give me a example about Logstash xml filter Logstash	5	7644	May 3, 2018
XML Filter Help Required Logstash	7	7724	July 6, 2017
Logstash split xml fields Logstash	22	5470	July 14, 2017
How to split xml arrays? Logstash	15	7644	July 6, 2017
XML to Elasticsearch via Logstash Logstash	47	3539	April 3, 2018

How to logstash filter xml

Related topics