I am a Logstash beginner and have probably a relatively simple question.
I'm using xpath to get data from an XML document (I have shortened the code on purpose):
After that I would like to use the aggregate filter (correct me if I'm wrong, but I guess it's the simplest method to get what I would like to have) to have all information from /Event (Date, Version) in my /E (Severity) Kibana table, so I can use the KQL filter syntax to match it and, as already said, have all information from /Event in the Severity table.
I have already looked at the instructions for the filter on the Elastic website, I just don't understand how to apply it to my xpath data and whether it is even possible.
Could anybody help me with my problem or give me a brief introduction to the aggregate filter with xpath data? Unfortunately I am also a bit confused about how to implement the syntax of the query correctly.
And I would like to get the attributes, for example "Date" = 2021-08-21 or "Version" = V1, from the Events element into my E element with the attribute Severity. (I thought aggregate could be the easiest solution.)
For my use case there will be more attributes to add to the E element fields, but I just wanted a brief introduction to this topic and will try to solve the issue after that by myself.
Sounds like you are trying to combine fields from different events into the same document in Elasticsearch?
If that is the case, my suggestion would be to generate a unique document id, e.g. using the fingerprint filter, and then index both events into the same document in Elasticsearch.
I will have a look at the fingerprint filter, thank you! My use case would be to read in all elements and after that run queries to evaluate the data.
For example: StartDate <= 2021-08-21 and Version : V1 and Severity : Info
So like you said, I might have to generate such an ID and index the events together.
So my fingerprint configuration looks like this, but as mentioned in the docs:
"This example produces a single fingerprint that is computed from "birthday (should be Severity here)" the last source field."
Issue: I'm only receiving the last line of my logs as a document, but with all information from /Events and /E. (I have got around 200,000 lines in my .xml.)
So it worked to combine the element Events with the element E.
However, my use case would be to have all log lines from my file with the information from both elements (Events & E).
My question here is how to configure the fingerprint filter so that I get something like a loop, which prints the /E elements combined with /Events from the first to the last log line. I also have got some difficulties with the output and if
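The following pipeline is an added example, not the poster's configuration or anything from the Elastic documentation. It shows one way to give every `E` line the attributes of its parent `Events` element without the aggregate filter, and why a fingerprint that only hashes its last source field collapses the whole file into one document. It assumes an XML layout of `<Events Date="..." Version="..."><E Severity="..."/>...</Events>`, an assumed file path and Elasticsearch host, and it reads the whole file as a single Logstash event so the parent attributes are reachable from the child elements.

```logstash
# Added example pipeline (assumptions: XML layout below, file path, ES host).
#   <Events Date="2021-08-21" Version="V1">
#     <E Severity="Info" .../>
#     <E Severity="Error" .../>
#   </Events>
input {
  file {
    path => "/path/to/events.xml"        # assumed path
    start_position => "beginning"
    sincedb_path => "/dev/null"          # re-read the file on every run while testing
    # Join every line that does not start with the XML declaration onto the
    # previous one, so the whole document arrives as ONE event.
    codec => multiline {
      pattern => "^<\?xml"
      negate => true
      what => "previous"
      auto_flush_interval => 2           # flush the last (only) event when the file ends
    }
  }
}

filter {
  # Parent attributes plus the list of <E> children, each child as its own XML string.
  xml {
    source => "message"
    store_xml => false
    xpath => [
      "/Events/@Date",    "date",
      "/Events/@Version", "version",
      "/Events/E",        "entry"
    ]
  }

  # One Logstash event per <E>; every copy keeps the parent's date and version.
  split { field => "entry" }

  # Attributes of the individual <E> element.
  xml {
    source => "entry"
    store_xml => false
    xpath => [ "/E/@Severity", "severity" ]
  }

  # xpath results are always arrays; flatten the single values to plain strings
  # so KQL queries such as  version : V1 and severity : Info  work as expected.
  mutate {
    join => { "date" => "" "version" => "" "severity" => "" }
  }

  # Stable document id over ALL listed fields. Without concatenate_sources the
  # hash covers only the last source field, so every line with the same value
  # there is written to the same document and only the last one survives.
  fingerprint {
    source => ["date", "version", "entry"]
    concatenate_sources => true
    method => "SHA256"
    target => "[@metadata][doc_id]"
  }

  mutate { remove_field => ["message"] }   # drop the 200k-line raw document copy
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]      # assumed host
    index => "xml-events"
    document_id => "%{[@metadata][doc_id]}" # same id on a re-run overwrites instead of duplicating
  }
}
```

Two points worth checking before relying on this: the raw `entry` string is part of the fingerprint, so two byte-identical `<E .../>` lines under the same parent deliberately collapse into one document (that is the deduplication you get from a content-derived id, and it is the reason the id must cover every field that makes a line distinct); and older versions of the fingerprint plugin require a `key` option for the SHA methods, in which case add one or switch to `method => "MURMUR3"`.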