Parsing XML using Logstash xpath

That does not work. For an input like this we want either one event, containing the entire stations XML, or 2 events, each containing an entire station.

<stations>
  <station>
    <id>1</id>
  </station>
  <station>
    <id>2</id>
  </station>
</stations>

What we get is the first station ("<station>\n<id>1</id>\n</station>") but not the second, since there is no third station to trigger the end of the second event, and EOF does not trigger emission of an event.
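The buffering behaviour described above, modelled in Python as an added example (not code from this thread or from Logstash). The pattern `^<station>` with negate/previous semantics is an assumption, since the config being discussed is not shown, and `flush()` stands in for the codec's timed flush (the multiline codec's `auto_flush_interval` option).

```python
import re

# Constructed sample input: the stations document from the post, one element per line.
SAMPLE = """<stations>
<station>
<id>1</id>
</station>
<station>
<id>2</id>
</station>
</stations>""".splitlines()


class MultilineSim:
    """Toy model of a multiline codec with negate => true, what => "previous":
    a line matching `pattern` starts a new event, any other line is appended
    to the event currently being built."""

    def __init__(self, pattern):
        self.pattern = re.compile(pattern)
        self.buffer = []

    def feed(self, line):
        """Return the completed event when `line` starts a new one, else None."""
        done = None
        if self.pattern.search(line) and self.buffer:
            done = "\n".join(self.buffer)
            self.buffer = []
        self.buffer.append(line)
        return done

    def flush(self):
        """Model of a timed flush: emit whatever is still buffered."""
        done = "\n".join(self.buffer) if self.buffer else None
        self.buffer = []
        return done


def run(lines, pattern, flush_at_eof):
    """Feed all lines; reaching EOF emits nothing unless a flush happens."""
    codec = MultilineSim(pattern)
    events = [e for e in map(codec.feed, lines) if e is not None]
    tail = codec.flush() if flush_at_eof else None
    return events + ([tail] if tail is not None else [])


if __name__ == "__main__":
    for pattern in (r"^<station>", r"^<stations>"):
        for flushed in (False, True):
            print(pattern, "flush" if flushed else "no flush", run(SAMPLE, pattern, flushed))
```

In this model the `<stations>` header line is also emitted as its own event when the pattern is `^<station>`, and the flushed second event carries the trailing `</stations>` line.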

stations not station

Have you tried it? I'd suggest turning on debug logging and watching the output. You may want to change your stat_interval to something less frequent; the default 1s will flood the log, making it hard to pull relevant data.

The below config files work perfectly

input {
  file {
    path => "C:\Users\186181152\Downloads\stations4.xml"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => multiline {
      pattern => "^"
      what => "previous"
    }
  }
}

filter {
  xml {
    source => "message"
    target => "doc"
    store_xml => false
    xpath => ["//station/name/text()","station_name"]
    xpath => ["//station/id/text()","station_id"]
  }
}

output {
  elasticsearch {
    action => "index"
    hosts => "localhost:9200"
    workers => 1
  }
  stdout {
  }
}
