How to parse xml.log via logstash

gavin-orange · September 9, 2020, 3:23am

Hello Guys ,
I am totally new into ES and now I want to use logstash to parse the xml.log , hope could get any help .
Here is part of xml.log which I have :

    <msg time='2019-10-25T01:50:15.913+08:00' org_id='oracle' comp_id='rdbms'
     client_id='' type='UNKNOWN' level='16'
     host_id='cnsh-ipccdb1' host_addr='10.7.1.11' module=''
     pid='20386'>
     <txt>  Current log# 4 seq# 430140 mem# 0: +DG_ORA/ora11g/onlinelog/group_4.283.995416149
     </txt>
    </msg>

How do I edit the filter ?

gavin-orange · September 9, 2020, 4:05am

I want the results as below :

time : 2019-10-25T01:50:15.913+08:00 
log: Current log# 4 seq# 430140 mem# 0: +DG_ORA/ora11g/onlinelog/group_4.283.995416149

stephenb · September 9, 2020, 4:29am

Hi @gavin-orange
Welcome to the community.

Have you look the XML filter.. should get you there / extract the fields

Then you might need to do some renaming , converting etc.

Pay attention to the date / time formats etc

gavin-orange · September 9, 2020, 6:10am

Hi Stephen ,
I used the " multiline " in filebeat to format the xml logs .
Then in logstash :

xml {
          source => "message"
          target => "parsed"
          store_xml => true
          force_array => false
          xpath => {
            "msg time" => "timestamp"
            "txt" => "contents" }

but the outcome is not as wished .

system · October 7, 2020, 6:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash XML parsing problem Logstash	3	1354	January 18, 2018
Logstash XML Filter Issue Logstash	4	378	October 30, 2019
Problems with parsing XML log files with XML filter of Logstash Logstash	8	1561	July 6, 2017
Need help to parse XML log in logstash Logstash	6	324	August 8, 2018
Parse xml with logstash Logstash	3	272	September 4, 2019

How to parse xml.log via logstash

Related topics