Issues with XML

Vkryvor · October 29, 2018, 2:29pm

Hey all,
I'm trying to pull information from a XML file. I've been reading about the xml filter and its abilities for the last week or so and it's still got me stumped. Here's my config file and the sample xml file I'm trying to read, what am I doing wrong?
Thanks in advance,
Vlad

Config file:

input {

file {

type => "xml"

path => "C:\Projects\ELK\xmltrials\log.xml"

start_position => beginning

ignore_older => 0

codec => multiline {

pattern => "</bookings>"

what => "next"

negate => "true"

# auto_flush_interval => 1

}

}

}

    filter {

    xml{

    source => "message"

    store_xml => false

    #target => "parsed"

    xpath => [

    "/bookings/booking/bookingId/text()", "bookingId",

    "/bookings/booking/bookingId/bookingName/bookingNameId/text()", "bookingNameId",

    "/bookings/booking/bookingId/bookingName/firstName/text()", "firstName",

    "/bookings/booking/bookingId/bookingName/lastName/text()", "lastName",

    "/bookings/booking/bookingId/bookingName/lastName/text()", "lastName",

    "/bookings/booking/bookingId/bookingName/bookingNameItem/aircraftType/text()", "aircraftType"

    ]

    }

    # date {

    # match =>[ "timestamp" , "yyyy-MM-ddTHH:mm:ss" ]

    # }

    }
 
output {
   
  stdout {}
   elasticsearch {
    hosts => ["localhost:9200"]
  }
}

xml file:

<?xml version="1.0" encoding="UTF-8"?>
<bookings>
<count>1</count>
	<booking>
<bookingId>5300083003</bookingId>
<bookingDate>2018-10-25T02:42:00</bookingDate>
<bookingStatus>1</bookingStatus>
<bookingType>1</bookingType>
<dateBookingChanged>2018-10-25T02:44:38</dateBookingChanged>
<firstTicketNumber>1612115377183</firstTicketNumber>
<gdsInHouseIdentification>VGQ</gdsInHouseIdentification>
<lastUpdateInCADS>2018-10-25T02:44:39</lastUpdateInCADS>
<nameCount>2</nameCount>
<originalReservationCount>2</originalReservationCount>
<partitionCode>MN</partitionCode>
<posCity>VGQ</posCity>
<purgeDate>2018-10-26T00:00:00</purgeDate>
<resPurgeDate>2018-10-26T00:00:00</resPurgeDate>
<resVersionTimestamp>2018-10-25T02:44:38</resVersionTimestamp>
<reservationCount>2</reservationCount>
<rloc>REYGMG</rloc>
<versionNumber>15</versionNumber>
<versionTimestamp>2018-10-25T02:44:38</versionTimestamp>
		<bookingName>
<bookingNameId>5500083005</bookingNameId>
<bookingId>5300083003</bookingId>
<crsNameLineNum>301</crsNameLineNum>
<dateNameAdded>2018-10-25T02:43:03</dateNameAdded>
<firstName>BOB</firstName>
<fqtLevel>0</fqtLevel>
<lastName>BOBBERSON</lastName>
<lastUpdateInCADS>2018-10-25T02:43:05</lastUpdateInCADS>
<nameStatus>1</nameStatus>
<originalFirstName>BOB</originalFirstName>
<originalLastName>BOBBERSON</originalLastName>
<passengerType>3</passengerType>
<purgeDate>2018-10-26T00:00:00</purgeDate>
<seatCount>0</seatCount>
<ticketGrade>0</ticketGrade>
			<bookingNameItem>
<bookingNameItemId>5800190016</bookingNameItemId>
<aircraftType>738</aircraftType>
<arrivalDateTime>2018-10-25T14:00:00</arrivalDateTime>
<bookingId>5300083003</bookingId>
<bookingNameId>5500083005</bookingNameId>
<cabinCode>Y</cabinCode>
<commercialBookingClass>E</commercialBookingClass>
<commercialCarrier>MN</commercialCarrier>
<commercialFlightNumber>103</commercialFlightNumber>
<crsSegStatus>HK</crsSegStatus>
<crsSegmentLineNum>1</crsSegmentLineNum>
<dateItemAdded>2018-10-25T02:42:00</dateItemAdded>
<dateItemConfirmed>2018-10-25T02:42:00</dateItemConfirmed>
<departureDate>2018-10-25T11:50:00</departureDate>
<destination>CPT</destination>
<destinationCity>CPT</destinationCity>
<destinationCountry>ZA</destinationCountry>
<eTicketEligibilityFlag>1</eTicketEligibilityFlag>
<fqtLevelUsed>0</fqtLevelUsed>
<infoSegmentFlag>false</infoSegmentFlag>
<itemStatus>1</itemStatus>
<lastUpdateInCADS>2018-10-25T02:43:05</lastUpdateInCADS>
<operatingCarrier>MN</operatingCarrier>
<operatingFlightNumber>103</operatingFlightNumber>
<origin>JNB</origin>
<originCity>JNB</originCity>
<originCountry>ZA</originCountry>
<posCity>VGQ</posCity>
<purgeDate>2018-10-26T00:00:00</purgeDate>
<ticketNumberType>0</ticketNumberType>
			</bookingNameItem>
				<bookingNameItem>
<bookingNameItemId>5800190017</bookingNameItemId>
<aircraftType>738</aircraftType>
<arrivalDateTime>2018-10-26T08:30:00</arrivalDateTime>
<bookingId>5300083003</bookingId>
<bookingNameId>5500083005</bookingNameId>
<cabinCode>F</cabinCode>
<commercialBookingClass>A</commercialBookingClass>
<commercialCarrier>MN</commercialCarrier>
<commercialFlightNumber>100</commercialFlightNumber>
<crsSegStatus>HK</crsSegStatus>
<crsSegmentLineNum>2</crsSegmentLineNum>
<dateItemAdded>2018-10-25T02:42:00</dateItemAdded>
<dateItemConfirmed>2018-10-25T02:42:00</dateItemConfirmed>
<departureDate>2018-10-26T06:30:00</departureDate>
<destination>JNB</destination>
<destinationCity>JNB</destinationCity>
<destinationCountry>ZA</destinationCountry>
<eTicketEligibilityFlag>1</eTicketEligibilityFlag>
<fqtLevelUsed>0</fqtLevelUsed>
<infoSegmentFlag>false</infoSegmentFlag>
<itemStatus>1</itemStatus>
<lastUpdateInCADS>2018-10-25T02:43:05</lastUpdateInCADS>
<operatingCarrier>MN</operatingCarrier>
<operatingFlightNumber>100</operatingFlightNumber>
<origin>CPT</origin>
<originCity>CPT</originCity>
<originCountry>ZA</originCountry>
<posCity>VGQ</posCity>
<purgeDate>2018-10-26T00:00:00</purgeDate>
<ticketNumberType>0</ticketNumberType>
				</bookingNameItem>
						<serviceLine>
<serviceLineId>6400307027</serviceLineId>
<addingDate>2018-10-25T02:43:03</addingDate>
<bookingId>5300083003</bookingId>
<bookingNameId>5500083005</bookingNameId>
<bookingNameItemId>0</bookingNameItemId>
<freeText>OSI MN INF</freeText>
<serviceLineState>1</serviceLineState>
<serviceLineTypeCode>OSI</serviceLineTypeCode>
</serviceLine>
</bookingName>
	</booking>
    	</bookings>

wwalker · October 30, 2018, 3:29pm

Let's adjust the angle just a bit. Try changing it to below, specifically the pattern and what configs.

input {
  file {
    type => "xml"
    path => "C:\Projects\ELK\xmltrials\log.xml"
    start_position => beginning
    ignore_older => 0
    codec => multiline {
      pattern => "<bookings>"
      what => "previous"
      negate => "true"
    }
  }
}

system · November 27, 2018, 3:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash XML Filter Issue Logstash	4	378	October 30, 2019
Parsing Issue for XML File Logstash	2	530	November 24, 2017
Need a complete XML Filter example Logstash	4	14728	July 6, 2017
Need help with parsing multiline XML file Logstash	4	2894	July 6, 2017
Logstash xml parsing Logstash	2	623	April 5, 2017

Issues with XML

Related topics