How to store XML input to multiple indices

I have a deeply nested XML with a few entities that I would like to store in XML. A single XML file should be stored to multiple indices, but I don't know how to split it to store to multiple indices.

The output from this file will create 3 indices:

  • Individual
  • Address
  • Relationships

Example XML:

<Individual>
    <Id>1</Id>
    <Name>Richard</Name>
    <Age>32</Age>
    <Addresses>
       <Address>
           <Line1>abc</Line1>
           <Line2>def</Line2>
       </Address>
       <Address>
          <Line1>123</Line1>
          <Line2>456</Line2>
       </Address>
    </Addresses>
    <Relationships>
       <Relationship>
          <Id>2</Id>
          <Name>Richard Edward</Name>
          <Type>Brother</Type>
       </Relationship>
       <Relationship>
          <Id>3</Id>
          <Name>Richard Hugo</Name>
          <Type>Brother</Type>
       </Relationship>
    </Relationships>
</Individual>

Sample config:

input {

file {
    path => ["/var/shared_folder/*.xml"]
    start_position => beginning
    tags => [ 'individual_xml' ]
    codec => multiline {
        pattern => "<Individual>"
        negate => "true"
        what => "previous"
    }
}

}

filter {

if 'individual_xml' in [tags] {

    xml {
    source => "message"
    store_xml => "false"
    xpath => ["/Individual/Id/text()","id"]
    xpath => ["/Individual/Name/text()","name"]
    xpath => ["/Individual/Age/text()","age"]
    }

    mutate {
        remove_field => [ "message", "xml", "xmldata", "host" ]
    }

    mutate {
    convert => { "id" => "string" }
    convert => { "name" => "string" }
    convert => { "age" => "string" }
    }
}

}

output {

if 'individual_xml' in [tags] {
  elasticsearch {
    hosts => ["localhost:9200"]
    manage_template => false
    index => "individual"
  }
}

}
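The split asked about above, sketched outside Logstash as an added example that is not part of the original post: a Python script that turns one `<Individual>` document into Elasticsearch `_bulk` actions for three indices. The index names `address` and `relationships`, the `individual_id` link field and the document id scheme are assumptions; only `individual` appears in the posted config.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample modelled on the XML in the question (well-formed Line1/Line2).
SAMPLE = """<Individual>
  <Id>1</Id><Name>Richard</Name><Age>32</Age>
  <Addresses>
    <Address><Line1>abc</Line1><Line2>def</Line2></Address>
    <Address><Line1>123</Line1><Line2>456</Line2></Address>
  </Addresses>
  <Relationships>
    <Relationship><Id>2</Id><Name>Richard Edward</Name><Type>Brother</Type></Relationship>
    <Relationship><Id>3</Id><Name>Richard Hugo</Name><Type>Brother</Type></Relationship>
  </Relationships>
</Individual>"""


def fields(elem):
    """Map each leaf child element to a lower-cased key with its text."""
    return {c.tag.lower(): (c.text or "").strip() for c in elem if len(c) == 0}


def split_individual(xml_text):
    """Return (index_name, doc_id, document) tuples for one <Individual>."""
    if "<!DOCTYPE" in xml_text:
        # Shared-folder files are untrusted input: refuse DTDs, which this data never needs.
        raise ValueError("DTD not allowed")
    root = ET.fromstring(xml_text)
    pid = root.findtext("Id")
    docs = [("individual", pid, fields(root))]
    for n, addr in enumerate(root.iterfind("Addresses/Address"), start=1):
        docs.append(("address", f"{pid}-{n}", {"individual_id": pid, **fields(addr)}))
    for rel in root.iterfind("Relationships/Relationship"):
        doc = {"individual_id": pid, **fields(rel)}
        docs.append(("relationships", f"{pid}-{doc['id']}", doc))
    return docs


def to_bulk(docs):
    """Render the documents as an Elasticsearch _bulk request body (NDJSON)."""
    lines = []
    for index, doc_id, doc in docs:
        lines.append(json.dumps({"index": {"_index": index, "_id": doc_id}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_bulk(split_individual(SAMPLE)), end="")
```

Each child document carries the parent's `Id` in `individual_id`, so addresses and relationships can be joined back to the individual at query time.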
