Hey all,
I'm trying to pull information from a XML file. I've been reading about the xml filter and its abilities for the last week or so and it's still got me stumped. Here's my config file and the sample xml file I'm trying to read, what am I doing wrong?
Thanks in advance,
Vlad
Config file:
input {
file {
type => "xml"
path => "C:\Projects\ELK\xmltrials\log.xml"
start_position => beginning
ignore_older => 0
codec => multiline {
pattern => "</bookings>"
what => "next"
negate => "true"
# auto_flush_interval => 1
}
}
}
filter {
xml{
source => "message"
store_xml => false
#target => "parsed"
xpath => [
"/bookings/booking/bookingId/text()", "bookingId",
"/bookings/booking/bookingId/bookingName/bookingNameId/text()", "bookingNameId",
"/bookings/booking/bookingId/bookingName/firstName/text()", "firstName",
"/bookings/booking/bookingId/bookingName/lastName/text()", "lastName",
"/bookings/booking/bookingId/bookingName/lastName/text()", "lastName",
"/bookings/booking/bookingId/bookingName/bookingNameItem/aircraftType/text()", "aircraftType"
]
}
# date {
# match =>[ "timestamp" , "yyyy-MM-ddTHH:mm:ss" ]
# }
}
output {
stdout {}
elasticsearch {
hosts => ["localhost:9200"]
}
}
xml file:
<?xml version="1.0" encoding="UTF-8"?>
<bookings>
<count>1</count>
<booking>
<bookingId>5300083003</bookingId>
<bookingDate>2018-10-25T02:42:00</bookingDate>
<bookingStatus>1</bookingStatus>
<bookingType>1</bookingType>
<dateBookingChanged>2018-10-25T02:44:38</dateBookingChanged>
<firstTicketNumber>1612115377183</firstTicketNumber>
<gdsInHouseIdentification>VGQ</gdsInHouseIdentification>
<lastUpdateInCADS>2018-10-25T02:44:39</lastUpdateInCADS>
<nameCount>2</nameCount>
<originalReservationCount>2</originalReservationCount>
<partitionCode>MN</partitionCode>
<posCity>VGQ</posCity>
<purgeDate>2018-10-26T00:00:00</purgeDate>
<resPurgeDate>2018-10-26T00:00:00</resPurgeDate>
<resVersionTimestamp>2018-10-25T02:44:38</resVersionTimestamp>
<reservationCount>2</reservationCount>
<rloc>REYGMG</rloc>
<versionNumber>15</versionNumber>
<versionTimestamp>2018-10-25T02:44:38</versionTimestamp>
<bookingName>
<bookingNameId>5500083005</bookingNameId>
<bookingId>5300083003</bookingId>
<crsNameLineNum>301</crsNameLineNum>
<dateNameAdded>2018-10-25T02:43:03</dateNameAdded>
<firstName>BOB</firstName>
<fqtLevel>0</fqtLevel>
<lastName>BOBBERSON</lastName>
<lastUpdateInCADS>2018-10-25T02:43:05</lastUpdateInCADS>
<nameStatus>1</nameStatus>
<originalFirstName>BOB</originalFirstName>
<originalLastName>BOBBERSON</originalLastName>
<passengerType>3</passengerType>
<purgeDate>2018-10-26T00:00:00</purgeDate>
<seatCount>0</seatCount>
<ticketGrade>0</ticketGrade>
<bookingNameItem>
<bookingNameItemId>5800190016</bookingNameItemId>
<aircraftType>738</aircraftType>
<arrivalDateTime>2018-10-25T14:00:00</arrivalDateTime>
<bookingId>5300083003</bookingId>
<bookingNameId>5500083005</bookingNameId>
<cabinCode>Y</cabinCode>
<commercialBookingClass>E</commercialBookingClass>
<commercialCarrier>MN</commercialCarrier>
<commercialFlightNumber>103</commercialFlightNumber>
<crsSegStatus>HK</crsSegStatus>
<crsSegmentLineNum>1</crsSegmentLineNum>
<dateItemAdded>2018-10-25T02:42:00</dateItemAdded>
<dateItemConfirmed>2018-10-25T02:42:00</dateItemConfirmed>
<departureDate>2018-10-25T11:50:00</departureDate>
<destination>CPT</destination>
<destinationCity>CPT</destinationCity>
<destinationCountry>ZA</destinationCountry>
<eTicketEligibilityFlag>1</eTicketEligibilityFlag>
<fqtLevelUsed>0</fqtLevelUsed>
<infoSegmentFlag>false</infoSegmentFlag>
<itemStatus>1</itemStatus>
<lastUpdateInCADS>2018-10-25T02:43:05</lastUpdateInCADS>
<operatingCarrier>MN</operatingCarrier>
<operatingFlightNumber>103</operatingFlightNumber>
<origin>JNB</origin>
<originCity>JNB</originCity>
<originCountry>ZA</originCountry>
<posCity>VGQ</posCity>
<purgeDate>2018-10-26T00:00:00</purgeDate>
<ticketNumberType>0</ticketNumberType>
</bookingNameItem>
<bookingNameItem>
<bookingNameItemId>5800190017</bookingNameItemId>
<aircraftType>738</aircraftType>
<arrivalDateTime>2018-10-26T08:30:00</arrivalDateTime>
<bookingId>5300083003</bookingId>
<bookingNameId>5500083005</bookingNameId>
<cabinCode>F</cabinCode>
<commercialBookingClass>A</commercialBookingClass>
<commercialCarrier>MN</commercialCarrier>
<commercialFlightNumber>100</commercialFlightNumber>
<crsSegStatus>HK</crsSegStatus>
<crsSegmentLineNum>2</crsSegmentLineNum>
<dateItemAdded>2018-10-25T02:42:00</dateItemAdded>
<dateItemConfirmed>2018-10-25T02:42:00</dateItemConfirmed>
<departureDate>2018-10-26T06:30:00</departureDate>
<destination>JNB</destination>
<destinationCity>JNB</destinationCity>
<destinationCountry>ZA</destinationCountry>
<eTicketEligibilityFlag>1</eTicketEligibilityFlag>
<fqtLevelUsed>0</fqtLevelUsed>
<infoSegmentFlag>false</infoSegmentFlag>
<itemStatus>1</itemStatus>
<lastUpdateInCADS>2018-10-25T02:43:05</lastUpdateInCADS>
<operatingCarrier>MN</operatingCarrier>
<operatingFlightNumber>100</operatingFlightNumber>
<origin>CPT</origin>
<originCity>CPT</originCity>
<originCountry>ZA</originCountry>
<posCity>VGQ</posCity>
<purgeDate>2018-10-26T00:00:00</purgeDate>
<ticketNumberType>0</ticketNumberType>
</bookingNameItem>
<serviceLine>
<serviceLineId>6400307027</serviceLineId>
<addingDate>2018-10-25T02:43:03</addingDate>
<bookingId>5300083003</bookingId>
<bookingNameId>5500083005</bookingNameId>
<bookingNameItemId>0</bookingNameItemId>
<freeText>OSI MN INF</freeText>
<serviceLineState>1</serviceLineState>
<serviceLineTypeCode>OSI</serviceLineTypeCode>
</serviceLine>
</bookingName>
</booking>
</bookings>