LOGSTASH - MULTILINE XML IN LOG

Daniel_Lopez · August 5, 2021, 11:37am

Hi to all

I'm trying to parse xml info that it is in a log file, I tried with different configs, without luck, the actual one is this, but I tried with TIMESTAMP too, and join lines without sense

codec => multiline{
 chartset => "UTF-8"
 pattern => "^.*?\<"
 negate => true
 what => "next"
} 

or

codec => multiline{
 chartset => "UTF-8"
 pattern => "^%{TIMESTAMP_ISO8601}"
 negate => true
 what => "previous"
}

Log Example

021-08-05 09:31:19,085 5595322766 ERROR [java] (Thread-1080919:) Missing Configuration 
2021-08-05 09:31:19,085 5595322766 ERROR [java] (Thread-1080919:) ExporterMessageTaskHandler, 
2021-08-05 09:31:19,085 5595322766 INFO  [java] (Thread-1080919:) ExporterMessageTaskHandler, 
2021-08-05 09:31:19,085 5595322766 INFO  [java] (Thread-1080919:) ExporterMessageTaskHandler is finished 
2021-08-05 09:31:19,459 5595323140 INFO  [java] (Thread-1080931:) XML To FTP: 
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<request>
    <request_id>111222333</request_id>
    <request_mode>1</request_mode>
    <is_urgent>0</is_urgent>

        <warrant_attachment>
             <file_content>JVBERi0xLjMNJeLjz9MNCjEgMCBvYmoNPDwvTWV0YWRhdGEgOCAwIFIvUGFnZXMgMiAwIFIvVHlwZS9DYXRhbG9nPj4NZW5kb2JqDTIgMCBvYmoNPDwvTWVkaWFCb3hbMC4wIDAuMCA1OTEuODQgODM3LjEyXS9Db3VudCAxL1R5cGUvUGFnZXMvS2lkc1s0IDAgUl0+Pg1lbmRvYmoNNCAwIG9iag08PC9QYXJlbnQgMiAwIFIvQ29udGVudHMgNiAwIFIvUGllY2VJbmZvPDwvUFNMPDwvUHJpdmF0ZTw8L1YoMy4yLjkpPj4vTGFzdE1vZGlmaWVkKEQ6MjAyMTA4MDUwNzQ1NDQtMDAnMDAnKT4+Pj4vTWVkaWFCb3hbMC4wIDAuMCA1OTEuODQgODM3LjEyXS9SZXNvdXJjZXM8PC9YT2JqZWN0PDwvSW0wIDUgMCBSPj4vUHJvY1NldFsvUERGL0ltYWdlQl0+Pi9UeXBlL1BhZ2U+Pg1l</file_content>
        </warrant_attachment>
    
    
    <request_type>
        <target_key>
            <name>PEPE</name>
            <case_id>PEPE_CASE</case_id>
         
           
        </target_key>
    </request_type>
</request>

2021-08-05 09:31:27,509 5595331190 ERROR [java] (Thread-14:) java Config Exception 

2021-08-05 09:31:37,539 5595341220 ERROR [java] (Thread-14:) java

The label file_content is huge, but it is not the issue, the issue is that lines with date joins together, with both config, and I only what to join XML labels into one line to grok the message.

Could any have another idea?

BR

system · September 2, 2021, 11:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need help with parsing multiline XML file Logstash	4	2894	July 6, 2017
Logstash XML Parsing Using multiline Logstash	1	1105	July 6, 2017
Parsing multiline logs : line + xml Logstash	10	6634	July 6, 2017
Using logstash Logstash	8	1792	July 6, 2017
Parsing XML managing arrays and multilines Logstash	3	1705	July 6, 2017

LOGSTASH - MULTILINE XML IN LOG

Related topics