Logstash XML parsing failure due to no namespace defined

Saravana_Maadavan · May 3, 2020, 6:10pm

Hello,

I would like to store XMLs in elastic, so when I give "store_xml => true", I get a parsing exception because my whole XML is wrapped by a tag "<C:Message>" and the prefix "C" is not having any definition unfortunately (I know it is wrong implementation but the centralized logging framework is adding this parent tag, so would not be able to change). Now to overcome this, is there any solution such as add namespace or remove a particular prefix as such? I do not want to remove all the prefixes present in the document.

Sample XML:

<C:Message>
<Date>03-05-2020</Date>
<Time>11:00:34</Time>
<SOAP-ENV:Body>
<Customer>2432532</Customer>
</SOAP-ENV:Body>
</C:Message>

Cheers,
Maadavan

Saravana_Maadavan · May 5, 2020, 5:27am

Logstash Team,

Help or suggestions required here. Kindly do.

Cheers,
Maadavan

Badger · May 5, 2020, 3:29pm

You could use mutate+gsub to remove those.

Saravana_Maadavan · May 7, 2020, 8:51pm

@Badger,

Thanks a lot, your solution worked for replacing the necessary contents. However facing another exception while parsing huge XMLs. Have opened a new topic for the same. Marking your answer as solution.

https://discuss.elastic.co/t/logstash-throws-runtime-exception-while-parsing-huge-xml/231621

Cheers,
Maadavan

system · June 4, 2020, 8:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.