Logstash xml filter with xpath with multiple fields query

moriol · January 19, 2018, 8:28am

I have an xml file, which contains fields like:

With xpath, within xml filter, I get the fields returned as below, with each element in its array:
"PhaseName" => [
[ 0] "CRITICAL",
[ 1] "TEST",
[ 2] "OTHER",
[ 3] "XYZ"
]
"PhaseState" => [
[ 0] "NA",
[ 1] "NA",
[ 2] "NA",
[ 3] "SUCCESSFUL"
]
How to format xpath, to return data corresponding to the correct field, in an array together?
Looking to achieve result such as:
{GlobalState=OK
[Phase Name=>"CRITICAL", State=>"NA"]
[Phase Name=>"TEST", State=>"NA"]
}
I can have multiple phase states, for each given output.

magnusbaeck · January 28, 2018, 9:33pm

You'll have to use a ruby filter. This exact question came up a couple of months ago so you might be able to find a solution in that thread. The zip function of Ruby arrays should be useful to you.

moriol · January 30, 2018, 9:55am

Hi Magnus,

I have found a ruby solution for this, just as you say. I parsed the data and then was able to use the following:
ruby {
code => '
event.set("GlobalState", event.get("[parsed][specifc-location][0][GlobalState]"))
'
}

Thanks for your suggestion.

Topic		Replies	Views
XML Filter :How to create array of objects using xml filter (xpath) Logstash	4	1801	September 10, 2018
Xpath from array to single fields Logstash	1	742	September 15, 2017
XML Filter Help Required Logstash	7	7753	July 6, 2017
Xpath filtering Logstash	7	412	April 24, 2019
Xpath output brings arrays instead of json Logstash	1	305	November 7, 2018

Logstash xml filter with xpath with multiple fields query

Related topics