I am trying to output from Logstash to Elasticsearch the "result" (pass) in my xml file that consists of this single line:
<test_results><test_result result="pass" title="Name_Of_Test"></test_result></test_results>
Here is my config file:
input{
file{
path => "C:\Test.xml"
start_position => "beginning"
}
}
filter {
xml {
source => "message"
store_xml => false
target => "xml_content"
xpath =>
[
"/test_results/test_result[@result]", "result"
]
}
}
output {
stdout { codec => rubydebug }
}
When Ioad logstash with the config file, I get the following:
C:\logstash-6.7.1\bin>logstash -f logstash2.conf
Sending Logstash logs to C:/logstash-6.7.1/logs which is now configured via log4j2.properties
[2019-09-17T17:21:29,303][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-09-17T17:21:29,318][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.7.1"}
[2019-09-17T17:21:34,498][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>12, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2019-09-17T17:21:36,426][INFO ][logstash.inputs.file ] No sincedb_path set, generating one based on the "path" setting {:sincedb_path=>"C:/logstash-6.7.1/data/plugins/inputs/file/.sincedb_903218998ef9435ea312b7206f56cac9", :path=>["C:\Test.xml"]}
[2019-09-17T17:21:36,462][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x2535e1df run>"}
[2019-09-17T17:21:36,496][INFO ][filewatch.observingtail ] START, creating Discoverer, Watch with file and sincedb collections
[2019-09-17T17:21:36,500][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>}
[2019-09-17T17:21:36,766][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
I am wondering if the issue could be that my input plugin is not generating events or something is wrong with my installation of the xml filter plugin.