Hi , I am trying to parse a XML result file
input {
file {
path => "C:/win10Automation/mytest/test_out.xml"
start_position => "beginning"
type => "xml"
sincedb_path => "/dev/null"
codec => multiline {
pattern => "^<status\b"
negate => true
what => "previous"
max_lines => 300000
auto_flush_interval => 10
}
}
#beats {
# port => "5044"
#}
}
filter {
xml {
remove_namespaces => true
source => "message"
store_xml => false
xpath =>
[
"suite/test/kw/kw/kw/kw/status", "matafmethod",
"suite/test/kw/kw/kw/kw/status/@status", "matafteststatus"
]
}
split {
field => "matafteststatus"
remove_field => "message" # the whole message isn't particularly applicable to individual events after the split
}
mutate {
add_field => ["myteststatus" ,"%{matafteststatus}"]
}
}
output {
elasticsearch {
codec => json
hosts => "localhost:9200"
index => "test56"
}
stdout {
codec => rubydebug
}
but instead of getting
status="PASS"
i am getting result
also _split_type_failure error ,
<suite source="/Users/SourceCode/Tests/TestScripts/TestSuite4/mytc_TC_002.txt" id="s1-s1-s2" name="mytc TC 002">
<test id="s1-s1-s2-t1" name="mytc_TC_002">
<kw name="Run Keyword If" library="BuiltIn">
<kw name="IOS Script">
<kw name="Launch IOSApplication" library="CommonFunc">
<kw name="Run Keyword And Return Status" library="BuiltIn">
<status status="PASS" endtime="20180710 17:52:49.411" starttime="20180710 17:52:30.275"></status>
<status status="PASS" endtime="20180710 17:52:49.412" starttime="20180710 17:52:30.275"></status>
</kw>
</kw>
</kw>
</kw>
</test>
</suite>
here is sample XML file
please help to resolve