With the below input file. What would be the logstash config? I guess the xml header line is coming with xml parser failure which is causing the ES ingesting error.
<?xml version="1.0" encoding="utf-8"?>
<trouble_shooter_log xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="TroubleShooterLog.xsd"
version="1.0" >
<event date="2020-07-21" time="03:17:36" line="814" text="Diameter peer connection up"/>
<event date="2020-07-21" time="03:17:39" line="301" text="tcpproxy;"/>
<event date="2020-07-21" time="03:23:53" line="253" text="Http Client with 7 worker threads started"/>
</trouble_shooter_log>
I am getting below error when writing to stdout.
{
"@timestamp" => 2020-09-07T20:48:10.353Z,
"message" => "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<trouble_shooter_log xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n\txsi:noNamespaceSchemaLocation=\"TroubleShooterLog.xsd\"\n\tversion=\"1.0\" >\n<event date=\"2020-07-21\" time=\"03:17:36\" line=\"814\" text=\"Diameter peer connection up\"/>",
"@version" => "1",
"tags" => [
[0] "multiline",
[1] "_xmlparsefailure"
],
"path" => "/root/p.log",
"host" => "elk01.novalocal"
}