Hi,
Below is my Nested XML file.
<?xml-stylesheet alternate="yes" href="file://c:/drive/bin/event_log.xsl" type="text/xsl"?>
<EventLog SetMinutes="800" Id="8000" Process="Player.exe">
<Clock ClockId="CLk-21e21412414=4-1341341414141"/>
<Entry serial_no="0" mcycle="2132424124-4141" Thread="player" ThreadId="tester" Seconds="11231243241.354123" Severity="info" >Local player details - Receievd metrics
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 400 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 30 level and need to get an xp
player has reached 103 level and need to get an xp
player has reached 130 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 3300 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1300 level and need to get an xp
player has reached 103 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 400 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 30 level and need to get an xp
player has reached 103 level and need to get an xp
player has reached 130 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 3300 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1300 level and need to get an xp
player has reached 103 level and need to get an xp
player has reached to 733 level and need to get an xp
</Entry>
</Eventlog>
My filebeat.yml multiline config.
multiline:
pattern: "^<Entry"
negate: true
match: after
Logstash.conf
xml {
source => "message"
target => "doc"
store_xml => true
force_array => true
xpath => [ "/EventLog/Entry[@name='Severity']/@Value", "Severity",
"/EventLog/Entry[@name='SysDate']/@Value", "SysDate",
"/EventLog/Entry[@name='SysTime']/@Value", "SysTime",
"/EventLog/Entry[@name='SysDateTime']/@Value", "SysDateTime",
"/EventLog/Entry[@name='Thread']/@Value", "Thread",
"/EventLog/Entry[@name='Category']/@Value", "Category",
"/Eventlog/Entry/text()", "details"
]
Multiline is working when i'm inputing as a file in logstash. Bu tit is not working when im using filebeat .
Can anyone help me out
Thanks