I want to receive XML data that comes in over HTTP. The data does arrive, but the fields are not stored in their proper places :(
My conf file is as follows.
input {
  file {
    path => "/usr/local/ELK/logstash-6.3.2/config/test1.xml"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    type => "xml"
  }
  stdin {
    # codec => xml
  }
  http {
    host => "127.0.0.1"
    port => "5001"
  }
}
filter {
  xml {
    remove_namespaces => true
    source => "message"
    xpath => ["/title/text()", "title","/destination/text()", "destination","/log/text()", "log","/date/text()", "date"]
    target => "doc"
    store_xml => true
  }
}
output {
  elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "t5"
    # document_type => "test"
    user => "elastic"
    password => "root123"
  }
  stdout {}
}
If I send the following curl request to it,
curl -XPUT 'http://127.0.0.1:5001' -d '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><title>name</title><destination>my name</destination><log>hi~ my name is taewoo!</log><date>2018-09-04T09:00:00</date>'
it is stored as follows.
{
    "@timestamp" => 2018-09-06T05:01:53.292Z,
    "tags" => [
        [0] "_xmlparsefailure"
    ],
    "@version" => "1",
    "message" => "curl -XPUT 'http://127.0.0.1:5001' -d '<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>namemy namehi~ my name is taewoo!2018-09-04T09:00:00'",
    "host" => "hostname"
}
Even when I read a file in the following form, only the first title part is stored.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><title>name</title><destination>my name</destination><log>hi~ my name is taewoo!</log><date>2018-09-04T09:00:00</date>
Result:
{
    "tags" => [
        [0] "_xmlparsefailure"
    ],
    "@version" => "1",
    "path" => "/usr/local/ELK/logstash-6.3.2/config/test1.xml",
    "@timestamp" => 2018-09-06T05:01:51.213Z,
    "title" => [
        [0] "name"
    ],
    "message" => "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>namemy namehi~ my name is taewoo!2018-09-04T09:00:00",
    "type" => "xml",
    "host" => "hostname"
}
Is there a way to get it stored properly?
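The payload in the post has four sibling top-level elements, while well-formed XML allows exactly one root element. The sketch below is an added example, not part of the original post: it reproduces the parse failure on that payload and shows all four fields resolving once they sit under a single root. Python's xml.etree stands in for the Logstash xml filter's parser, and the root name `doc` and the helper names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Payload from the post, rebuilt here as a Python string.
PAYLOAD = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<title>name</title><destination>my name</destination>'
    '<log>hi~ my name is taewoo!</log><date>2018-09-04T09:00:00</date>'
)

FIELDS = ("title", "destination", "log", "date")
XML_DECL = re.compile(r'^\s*<\?xml[^>]*\?>')


def is_well_formed(xml_text):
    """Return (True, None) if the text parses, else (False, parser message)."""
    try:
        ET.fromstring(xml_text)
        return True, None
    except ET.ParseError as exc:
        return False, str(exc)


def wrap_in_root(xml_text, root="doc"):
    """Put the sibling elements under one root (hypothetical name 'doc').

    The XML declaration, if present, must stay first in the document,
    so the wrapper is inserted after it.
    """
    match = XML_DECL.match(xml_text)
    decl = match.group(0) if match else ""
    body = xml_text[len(decl):]
    return f"{decl}<{root}>{body}</{root}>"


def extract_fields(xml_text, fields=FIELDS):
    """Read each field as a direct child of the single root element."""
    root = ET.fromstring(xml_text)
    return {name: root.findtext(name) for name in fields}


if __name__ == "__main__":
    print("original :", is_well_formed(PAYLOAD))
    fixed = wrap_in_root(PAYLOAD)
    print("wrapped  :", is_well_formed(fixed))
    print("fields   :", extract_fields(fixed))
```

With a wrapped payload, XPath expressions written against the document would start from the new root, for example `/doc/title/text()` under the assumed root name.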