Multiline pattern setting for multiple loglines in XML file

kishorerv93 · May 30, 2019, 9:56pm

Hi,

Below is my xml file.

Now my question is, I was able get every line in the above xml in a each message, but i'm unable to get all the log lines in a single message.

Anyone can assist ?

Thanks

<?xml-stylesheet alternate="yes" href="./event_log.xsl" type="text/xsl"?>
<?xml-stylesheet alternate="yes" href="file://c:/drive/bin/event_log.xsl" type="text/xsl"?>
<EventLog SetMinutes="800" Id="8000" Process="Player.exe">
<Clock ClockId="CLk-21e21412414=4-1341341414141"/>
<Entry serial_no="0" mcycle="2132424124-4141" Thread="player" ThreadId="tester" Seconds="11231243241.354123" Severity="info" >Local player details  - Receievd metrics
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 400 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 30 level and need to get an xp
player has reached 103 level and need to get an xp
player has reached 130 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 3300 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1300 level and need to get an xp
player has reached 103 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 400 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 30 level and need to get an xp
player has reached 103 level and need to get an xp
player has reached 130 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 3300 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1300 level and need to get an xp
player has reached 103 level and need to get an xp
player has reached to 733 level and need to get an xp
</Entry>
</Eventlog>

This is how my multiline in filebeat.yml looks like

multiline.pattern: '^<Entry|^=[a-z]'
      multiline.negate : false
      multiline.match: after

My logstash.conf

input{
   beats {
       port => 5044
 }

}
filter{
    xml{
        source => message
        store_xml => true
        target => "doc"
        xpath => ["/Eventlog[@name='ThreadId']@value",  "ThreadId",
                          "/Eventlog[@name='Thread']@value",  "Thread",
                          "/Eventlog[@name='Secs']@value",  "Seconds",
                          "/Eventlog/Entry/text()", "details"
                          ]
}

Now my question is, I was able get every line in the above xml in a each message, but i'm unable to get all the log lines in a single message.

Anyone can assist ?

Thanks

kishorerv93 · May 31, 2019, 2:56pm

```multiline.pattern: '^<Entry|^=[a-z]'
    multiline.negate : false
    multiline.match: after```


My logstash.conf
input{
 beats {
     port => 5044
}

}
filter{
  xml{
      source => message
      store_xml => true
      target => "doc"
      xpath => ["/Eventlog[@name='ThreadId']@value",  "ThreadId",
                        "/Eventlog[@name='Thread']@value",  "Thread",
                        "/Eventlog[@name='Secs']@value",  "Seconds",
                        "/Eventlog/Entry/text()", "details"
                        ]
}


  Now my question is, I was able get every line in the above xml in a each message, but i'm unable to get all the log lines in a single message.

Anyone can assist ?

Thanks

Reply

This topic will close a month after the last reply.

Bookmark Share Flag Reply

Watching

You will receive notifications because you created this topic.

There are 2 unread and 211 new topics remaining, or browse other topics in Filebeat

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

system · June 28, 2019, 2:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Multiline pattern setting for multiple loglines in XML file

This topic will close a month after the last reply.

Suggested Topics

There are 2 unread and 211 new topics remaining, or browse other topics in Filebeat