Logstash Filter: I want to match this expression using "if" condition

@AquaX Put this in input plugin or filter plugin?

@Badger @aaron-nimocks @AquaX think an issue in starting logs, it is starting with date format and text before XML. How to clean and split message to begin with XML or contain XML only?

for example in screenshot I want to split after {}Payload: and keep message contains xml only.

You could use mutate+gsub to replace the text before/after soap:envelope, but if you use store_xml => true you do not need to do that -- the xml filter will ignore non-XML text surrounding the XML.

Thanks @Badger How to ignore logs that do not contain XML?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.