I'm looking to parse out the specific fields indicated in each entry id tag.
<?xml version='1.0' encoding='ISO-8859-1' ?><log>
<sign type='' digest='' />
<entry id='' v='' fdate='' date='' plugin_id='' sensor='' src_ip='' dst_ip='' src_port='' dst_port='' tzone='' datalen='' data='' plugin_sid='' proto=''  ctx='' src_host='' dst_host='' src_net='' dst_net='' username='' userdata1='' userdata2='' userdata3='' userdata4='' userdata5='' userdata9='' idm_host_src='' idm_host_dst='' idm_mac_src='' idm_mac_dst='' device=''/>
Any examples of what you would refer to in the xml filter to identify available fields would be extremely helpful.
wwalker (March 6, 2018, 3:11am), reply 2:
              Interesting, it's all one large XML element with lots of attributes?  In any case, the XML filter with xpath should probably get you going.
This is a good place to start if you're unfamiliar with XPath.
Given that this doesn't conform to your log's format, here's a simple example.
Example XML 
<Top>
  <TopData>1</TopData>
  <Middle>
    <Bottom>
    <BottomData>20</BottomData>
    </Bottom>
  </Middle>
</Top>
 
Example Filter 
filter {
  xml {
    source => "message"      # the event field that holds the whole XML document
    store_xml => false       # only keep the xpath results, not the parsed tree
    xpath => [
      # XPath is case-sensitive: element names must match the document exactly
      "/Top/TopData/text()", "Top Data",
      "/Top/Middle/Bottom/BottomData/text()", "Bottom Data"
    ]
  }
}
 
Resulting Fields 
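The same idea applied to the `<log>`/`<entry>` layout from the question, where the fields are attributes rather than element text: attribute nodes are selected with `@name` instead of `text()`. This is an added example, not code from the thread or from the Logstash project. It is a small Ruby script that evaluates the XPath expressions with REXML so you can check them outside Logstash (the Logstash xml filter uses Nokogiri, but the XPath expressions are the same). The sample `<log>` document, its attribute values and the field names are constructed for the example; the attribute names are the ones shown in the question.

```ruby
require 'rexml/document'

# Constructed sample in the <log>/<entry> layout from the question. The attribute
# names are the ones the question shows; every value is made up for this example.
SAMPLE_LOG = <<~'XML'
  <?xml version='1.0' encoding='ISO-8859-1' ?><log>
  <sign type='sha1' digest='0000000000000000000000000000000000000000' />
  <entry id='1' v='1' fdate='2018-03-06 03:11:00' date='1520305460' plugin_id='1001' sensor='10.0.0.5' src_ip='192.0.2.10' dst_ip='198.51.100.20' src_port='51515' dst_port='22' tzone='0' datalen='0' data='' plugin_sid='4' proto='tcp' ctx='' src_host='' dst_host='' src_net='' dst_net='' username='' userdata1='' userdata2='' userdata3='' userdata4='' userdata5='' userdata9='' idm_host_src='' idm_host_dst='' idm_mac_src='' idm_mac_dst='' device='10.0.0.5'/>
  <entry id='2' v='1' fdate='2018-03-06 03:12:00' date='1520305520' plugin_id='1001' sensor='10.0.0.5' src_ip='192.0.2.11' dst_ip='198.51.100.20' src_port='51516' dst_port='443' tzone='0' datalen='0' data='' plugin_sid='5' proto='tcp' ctx='' src_host='' dst_host='' src_net='' dst_net='' username='alice' userdata1='' userdata2='' userdata3='' userdata4='' userdata5='' userdata9='' idm_host_src='' idm_host_dst='' idm_mac_src='' idm_mac_dst='' device='10.0.0.5'/>
  </log>
XML

# The answer's own example document, for the text() case.
EXAMPLE_XML = <<~'XML'
  <Top>
    <TopData>1</TopData>
    <Middle>
      <Bottom>
      <BottomData>20</BottomData>
      </Bottom>
    </Middle>
  </Top>
XML

# Evaluates each "xpath => field name" pair, written the way the xml filter's
# `xpath` option pairs them, and returns {field name => [values]}. Every field
# is an array because one expression can select any number of nodes (here, one
# per <entry>), which is also how the Logstash filter stores xpath results.
def extract_fields(xml, xpath_map)
  doc = REXML::Document.new(xml)
  xpath_map.each_with_object({}) do |(expr, field), out|
    out[field] = REXML::XPath.match(doc, expr).map do |node|
      case node
      when REXML::Attribute, REXML::Text then node.value  # attribute or text content
      else node.to_s                                      # whole element, serialised
      end
    end
  end
end

# One hash of all attributes per <entry>: the shape you get if you instead keep
# the parsed tree (xml filter with `target`) and `split` on the entry array.
def entries_as_events(xml)
  doc = REXML::Document.new(xml)
  REXML::XPath.match(doc, "/log/entry").map do |entry|
    entry.attributes.each_with_object({}) { |(name, value), h| h[name] = value }
  end
end

# Attribute nodes are selected with @name; text() is for element content.
# XPath is case-sensitive, so element names must match the document exactly.
ENTRY_XPATHS = {
  "/log/entry/@id"                => "entry_id",
  "/log/entry/@src_ip"            => "src_ip",
  "/log/entry/@dst_port"          => "dst_port",
  "/log/entry/@username"          => "username",
  "/log/entry[@id='2']/@username" => "entry2_username",  # predicate picks one entry
  "/log/sign/@digest"             => "sign_digest",
}

EXAMPLE_XPATHS = {
  "/Top/TopData/text()"                  => "Top Data",
  "/Top/Middle/Bottom/BottomData/text()" => "Bottom Data",
}

if __FILE__ == $PROGRAM_NAME
  extract_fields(SAMPLE_LOG, ENTRY_XPATHS).each { |k, v| puts "#{k}: #{v.inspect}" }
  extract_fields(EXAMPLE_XML, EXAMPLE_XPATHS).each { |k, v| puts "#{k}: #{v.inspect}" }
  entries_as_events(SAMPLE_LOG).each do |e|
    puts e.slice("id", "src_ip", "dst_ip", "dst_port").inspect
  end
end
```

In the filter, each pair becomes `"/log/entry/@src_ip", "src_ip"` inside `xpath => [...]`, with `source` pointing at the field that holds the whole document (use a multiline codec on the input if the `<log>` spans several lines). Because every `<entry>` matches, each field comes back as an array with one value per entry; if each `<entry>` should be its own event, parse into `target` instead and use the `split` filter on the entry array, which is what `entries_as_events` imitates.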
              Thanks so much @wwalker 
This is exactly what I was looking for.
system (April 3, 2018, 12:43pm), reply 4:
              This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.