Hello, I am new to Elastic. I am trying to parse XML logs using Logstash. As a result, I am using an input file plugin, and for the filtering process, I am using an XML plugin.
The pipeline is running successfully but shows the number of events as 0, which means it's not taking input or processing any data. Below is the code within the test.conf file for reference.
input {
  file {
    path => "C:\ELKStack\samplelog.xml"
    start_position => "beginning"
    sincedb_path => "C:/ELKStack/logstash-8.8.1-windows-x86_64/logstash-8.8.1/data/sincedb"
    codec => multiline {
      pattern => "<entry>"
      negate => true
      what => "previous"
    }
  }
}
filter {
  xml {
    source => "message"
    store_xml => true
    target => "parsed_log"
    force_array => false
    xpath => [
      "/log/entry/timestamp/text()", "timestamp",
      "/log/entry/message/text()", "message"
    ]
  }
}
output {
  stdout {}
}
I also checked and modified the file permissions for users, system, and administrators, giving them full control of the file.
I am also pasting a sample log below for reference.
<log>
  <entry>
    <timestamp>2023-06-12 10:35:21</timestamp>
    <message>Application started</message>
  </entry>
  <entry>
    <timestamp>2023-06-12 10:38:12</timestamp>
    <message>User logged in</message>
  </entry>
  <entry>
    <timestamp>2023-06-12 10:42:05</timestamp>
    <message>Error: Invalid input detected</message>
  </entry>
  <entry>
    <timestamp>2023-06-12 10:46:32</timestamp>
    <message>Database connection established</message>
  </entry>
  <entry>
    <timestamp>2023-06-12 10:48:55</timestamp>
    <message>Record inserted successfully</message>
  </entry>
</log>
Kindly let me know if there are any modifications.
Thanks in advance.
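
As an added example (not part of the original post and not Logstash code), this Python model shows how the multiline settings above (`pattern => "<entry>"`, `negate => true`, `what => "previous"`) split the pasted sample log into events, and whether the configured XPath `/log/entry/timestamp/text()` can match each one. The function names and the model of the codec's behaviour are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the first two entries of the log pasted in the post.
SAMPLE = """<log>
<entry>
<timestamp>2023-06-12 10:35:21</timestamp>
<message>Application started</message>
</entry>
<entry>
<timestamp>2023-06-12 10:38:12</timestamp>
<message>User logged in</message>
</entry>
</log>
"""

def multiline_events(lines, pattern, negate=True):
    """Assumed model of multiline with what => "previous": a line for which
    (match XOR negate) is true is appended to the buffered event; any other
    line emits the buffer and starts a new one. Returns (emitted, pending)."""
    rx, emitted, buf = re.compile(pattern), [], []
    for line in lines:
        joins_previous = bool(rx.search(line)) != negate
        if not joins_previous and buf:
            emitted.append("\n".join(buf))
            buf = []
        buf.append(line)
    # Assumption: no auto_flush_interval is set, so the last buffer stays pending.
    return emitted, "\n".join(buf)

def root_tag(event):
    """Root element name of an event, or None if it is not well-formed XML."""
    try:
        return ET.fromstring(event).tag
    except ET.ParseError:
        return None

def xpath_can_match(event, xpath="/log/entry/timestamp/text()"):
    """An absolute XPath can only select nodes if its first step names the root."""
    return root_tag(event) == xpath.strip("/").split("/")[0]

if __name__ == "__main__":
    emitted, pending = multiline_events(SAMPLE.splitlines(), "<entry>")
    for ev in emitted:
        print(repr(ev), "root:", root_tag(ev), "xpath match:", xpath_can_match(ev))
    print("still buffered:", repr(pending))
```

The model covers only the shape of the events the codec would hand to the xml filter; it does not address why the file input reports 0 events.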