Log stash xml parse

Elastic Stack Logstash
1

I would like some recommendation on how to parse a given xml document at logstash if i am looking for value of specific field which can appear in different fields in multiple xmls doc , for ex product ,sales, inventory,xml being uploaded from file beats, but they all go same elastic index as the eventual requirement is the get the fields data out of those and not the xml data itself.

for ex I am looking for Product Num which may be come from several different xml files under different nodes and attributes. for ex , and i am always interest in Value field if the match is for Product Num or similar fields representing the information.

<A><ProductNum>xyz</A>
<A><B><C name=Prod value=xyz></B><A>
Based on my limited knowledge, of logstash, I can only think of one way, - using a long conditional block , but that looks and feels wierd

Please let me know if there are primitives there can be used, to avoid this long conditionals

2

What if you use the xml filter's xpath option and list all possible locations of the product number? If you use the same destination field I think the xml filter only overwrites the value if the XPath expression actually returned something.

xml {
  xpath => [
    "/A/ProductNum/text()", "product_number",
    "/A/B/C[@name='Prod']/@value", "product_number",
    ...
  ]
}
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.