Hello,
just a quick question. What is the best filter for this type of logs:
I figured I would make a grok pattern, but I would just like to check if there is a better option, since the log is always formed as variablename="value".
Thanks and kind regards,
Uros
What type of logs? The example disappeared from your post. You probably need to format it as code with the </> button.
Hello,
it is supposed to be some proprietary xml format.
<data dt="2016-05-30 15:22:32" dtms="1464614552064" export="DATA_Network_Publisher" lang="en_US" id="1334660750794560311" guid="54334db0-bdb5-11f4-49d4-bb9b10dd8e4d" path="/Main group" name="0_DATA Network" type="Structuring model" typeGuid="" origType="Structuring model" userId="345234" userGuid="9b6d0bb3-102b-37fa-a57b-c4a39149518e" />
<data dt="2016-05-30 15:23:36" dtms="1464614616896" export="DATA_Network_Publisher" lang="en_US" id="1334660750794560311" guid="54334db0-bdb5-11f4-49d4-bb9b10dd8e4d" path="/Main group" name="0_DATA Network" type="Structuring model" typeGuid="" origType="Structuring model" userId="345234" userGuid="9b6d0bb3-102b-37fa-a57b-c4a39149518e" />
<data dt="2016-05-30 15:23:40" dtms="1464614620303" export="DATA_Network_Publisher" lang="en_US" id="1334660750794560311" guid="54334db0-bdb5-11f4-49d4-bb9b10dd8e4d" path="/Main group" name="0_DATA Network" type="Structuring model" typeGuid="" origType="Structuring model" userId="345234" userGuid="9b6d0bb3-102b-37fa-a57b-c4a39149518e" />Use the xml filter.
Hi,
what @magnusbaeck just said :-P, a config like
filter {
xml {
source => "message"
target => "foo"
}
}
for the filter section would be enough, keep in mind to add the target field otherwise strange errors might show up. see https://github.com/logstash-plugins/logstash-filter-xml/issues/37
Hey all,
perfect. I already tried to use the xml filter and it didn´t work. It looks like I made some config error (probably overcomplicated things), because with this minimal config it is working perfectly. 
Thanks and kind regards,
Uros
Just a quick question regarding the target field. Now the parsed data looks like:
target.field = value
Is it possible to parse xml data to the top level? I don't know how to explain. I would like to have the field name on the top "level".
Kind regards,
Uros
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.