Logstash: Adding custom field to documennt

Badger · July 10, 2018, 3:49pm

I would use a multiline codec for that

input { stdin { codec => multiline { pattern => "</Object>" negate => true what => "next" auto_flush_interval => 3 } } }

Then an xml filter

filter { xml { source => "message" store_xml => true target => "theXML" force_array => false } }

At that point you have a couple of choices. You could flatten the attributes using a ruby filter.

    ruby {
        code => '
            event.get("[theXML][Attribute]").each { |v|
                event.set("[Attributes]" + v["name"], v["value"])
            }
        '
    }

Or you could iterate over the set and just stash the value you want in a temporary place, then use it to build the id.

    ruby {
        code => '
            event.get("[theXML][Attribute]").each { |v|
                if v["name"] == "Last Modified On"
                    event.set("[@metadata][lastModified]" , v["value"])
                end
            }
        '
    }

Topic		Replies	Views
How to create a custom document Logstash	5	703	December 9, 2019
Customize document fields in elasticsearch Logstash	2	234	August 8, 2018
XML Logstash Logstash	2	196	July 25, 2021
How to add_field and covert field type while parsing nested xml Logstash	6	2270	July 6, 2017
XML child nodes with varying number into one ElasticSearch field? Logstash	7	954	October 12, 2018

Logstash: Adding custom field to documennt

Related topics