Hi,
I'm struggling with creating simple table in lens, which could present my data from ingested, multiline xml file. Basically I don't need to apply any aggregations. I'm wondering if there is any kind of solution?
My xml structure:
-<rxxxxxx>
<run for="00:00:39.891" aj="17-06-2021 14:29:04" sq="17-06-2021 14:29:44" opr="521703952" st="OK" ald="1" wf="wf_XXXX_XX_X_X"/>
<run for="00:01:05.056" aj="17-06-2021 14:28:04" sq="17-06-2021 14:29:09" opr="421703960" st="NOK" ald="2" wf="wf_XXXX_XXXXXXXXX_XX_X_X"/>
<run for="00:00:14.279" aj="17-06-2021 14:28:04" sq="17-06-2021 14:28:18" opr="221703474" st="OK" ald="2" wf="wf_XXXX_XXXXXXXXX_XX_X_X"/>
</rxxxxxx>`
My logstash config just reads "message" filed and based on that, creates new text fields for all xml entries using this naming convention: xml.run.sourcefieldname, ingested fields are multiline:
else if "xml_input" in [tags] {
xml {
source => "message"
target => "xml"
}
I also tried to apply some datatype conversion in grok / mutate but seems like it does not move me closer towards resolution..