In Kibana, each element of the XML file shows up as its own "event", in this case there were 5 XML elements (e.g., <heading></heading>), so there are 5 hits:
What I want instead is to have one "hit" per document, with the XML elements as fields. So using the simple file as an example, there would be one hit with 5 fields. Is this possible?
Maybe part of the problem is that I'm not clear on how the source and target settings are to be used. That is, how do you create fields and then put the XML elements in the fields (for instance with xpath)?
@Badger thank you! Two follow-ups if you don't mind:
For this test, I'm using file input, but the end state will be beats input (from Filebeat on a file server), and this doc says multi-line codecs don't work with Beats input. Will the multi-line settings in filebeat.yml also work for my XML files?
Can I still use the xpath filter plugin to parse XML that has been collapsed to one line?
right now I'm looking for the solution for reading mass of xml file to parsing per document it means by file EOF (because it's related to internal xml attribute) when Logstash is reading files it thought that he can process a few file in the same chain. But the output such of operation is not desired.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
