Parse XML sub tags as a separate log

Disha_Bodade · April 12, 2023, 12:36pm

Hi Team,
I have a XML formatted as below

<?xml version="1.0" encoding="UTF-8"?> 
<documents>
<Document><docID>101074476</docID><Title>End of Sale 1403 and 1416</Title><Author>clark13</Author></Document>
<Document><docID>101074474</docID><Title>End of Sale 1406 and 1417</Title><Author>clark14</Author></Document>
</document>

I need each <Document> as a separate log and then use xml filter on it.
I have used multiline codec as below

codec => multiline {
                pattern => "<Document>"
                negate => "true"
                what => "previous"
                }

but its not considering last entry from xml file. To add all logs as event I am adding empty <Document></Document> at last.

I think there is some change needs in multiline codec. Not sure what I can add to consider all from XML.

Thanks,
Disha

Badger · April 12, 2023, 3:43pm

You are not getting the last entry because the codec will not flush an event until the pattern matches. There is no line that matches the pattern after the last line that does so (obviously), so the last line is never flushed. You could set auto_flush_interval.

Personally I would consume the entire document using a multiline codec, then parse the XML to get an array of Document elements and use a split filter to separate those into one per event.

system · May 10, 2023, 3:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
XML parsing logstash, adding part of XML tags to an array per event Logstash	2	1378	September 2, 2017
Can i use file filter for xml docs Logstash	12	2875	July 6, 2017
Logstash is waiting for new line even if in content is XML and multiline codec is used Logstash	2	887	February 7, 2017
How to pattern input codec multiline Logstash	1	489	May 4, 2017
Parsing multiline logs : line + xml Logstash	10	6634	July 6, 2017

Parse XML sub tags as a separate log

Related topics