input { beats { port => 5044 } }
filter {
kv {field_split => "message"
}
kv {
source => "n id"
field_split => ","
}}
output { elasticsearch { hosts => ["http://localhost:9200"] index => "atpidev1" } }
is it correct config to split each n id to different row
getting result like above image
it should show as like showing in below image
Able to achieve requirement with following conf
input { beats { port => 5044 } }
filter {
mutate {
split => { "message" => "@$@" }}
mutate {
add_field => { "response" => "%{[message][1]}" "request" => "%{[message][0]}" } }
xml { store_xml => "false" source => "response" target => "xmldata"
xpath =>[
"/propertyAvailability/hotelRates/hotel/bookingChannel/ratePlan[1]/@id","ratePlanid",
"/propertyAvailability/hotelRates/hotel/bookingChannel/ratePlan[1]/roomDetails/roomTypeCode/text()","roomTypeCode",
"/propertyAvailability/hotelRates/hotel/bookingChannel/ratePlan[1]/roomDetails/hhRoomType/text()","hhRoomType",
"/propertyAvailability/hotelRates/hotel/bookingChannel/ratePlan[1]/roomDetails/hhBedTypes/hhBedType/text()","hhBedTypes",
"/propertyAvailability/hotelRates/hotel/bookingChannel/ratePlan[1]/rateDetails/rateTypeCode/text()","rateTypeCode",
"/propertyAvailability/hotelRates/hotel/bookingChannel/ratePlan[1]/rateDetails/breakfastIncluded/text()","breakfastincluded",
"/propertyAvailability/hotelRates/hotel/bookingChannel/ratePlan[1]/rateDetails/nonRefundable/text()","nonRefundable",
"/propertyAvailability/hotelRates/hotel/bookingChannel/ratePlan[1]/roomRateDetails/roomRateCode/text()","roomRateCode",
"/propertyAvailability/hotelRates/hotel/bookingChannel/@type","bookingChannel" ]
}
split {field => "bookingChannel"}
split {field => "ratePlanid"}
split {field => "roomTypeCode"}
split {field => "hhRoomType"}
split {field => "hhBedTypes"}
split {field => "rateTypeCode"}
split {field => "breakfastincluded"}
split {field => "nonRefundable"}
split {field => "roomRateCode"}
}
output { elasticsearch { hosts => ["http://localhost:9200"] index => "atpidev07jul2020-432" } }
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
