Hi,
Tried this but still not working. Sharing the complete logstash config file and to answer your question - Iam not updating data anywhere in between. Is there can be a possibility that the xml is stored as a string and logstash is not able to understand. Can we search a string with in and substring the value?
input {
jms {
include_header => true
include_properties => true
include_body => true
use_jms_timestamp => true
timeout => -1
destination => "q.logstash"
pub_sub => false
yaml_file => "/home/elastic/softwares/logstash-7.11.1/config/ems.yml"
yaml_section => "ems"
}
}
filter
{
xml {
remove_namespaces => "true"
source => "message"
store_xml => "false"
target => "doc"
xpath => [
"//conversationId/text()","conversationId",
"//eventId/text()","eventId",
"//correlationId/text()","correlationId",
"//systemConsumer/text()","systemConsumer",
"//systemDestination/text()","systemDestination",
"//serviceName/text()","serviceName",
"//payload/text()","payload"
]
}
xml {
remove_namespaces => "true"
source => "payload"
store_xml => "false"
target => "doc2"
xpath => [
"//customerId/text()","customerId"
]
}
}
output{
elasticsearch {
hosts => ["localhost:9200"]
index => "inderforlogstash"
}
}