Struggling to parse XML using Logstash

Igor_Olikh · September 15, 2020, 7:19am

I have a lot of logs each one stored in the following xml file:

What I want to achieve:

create fields in elasticsearch that stores the following:

MainActivityText = "TEST"

My config file:

input {
    file {
        path => "/path/*.xml"
        start_position => "beginning"
        type => "xml"
        sincedb_path => "/dev/null"
        codec => multiline {
            pattern => "<Remarks"
            charset => "ISO8859-8"
            what => "previous"
            negate => "true"
        }
    }
} 

filter {
    xml {
        source => "message"
        store_xml => false
        force_array => false
        target => "Remarks"
        xpath => [
            "/Remarks/MainActivity/text()", "MainActivityText"
        ]
    }
} 

output {
    file
    {
        path => "/path/output.txt"
    }

    elasticsearch
    {
          hosts => ["https://elastic:9200"]
          user => "elastic"
          password => ""
          ssl => true
          ssl_certificate_verification => true
          cacert => "/path/sub_ca.crt"
          index => "test-%{+YYYY.MM}"
    }
}

But the output is not what I expect to get. I just get the whole xml stored in the index.

system · October 13, 2020, 7:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing xml using logstaash xpath Logstash	24	5808	March 12, 2018
Trouble parsing xml file in logstash Logstash	3	325	December 20, 2018
Store XML to Index in ES using logstash Logstash	11	2914	April 13, 2018
XML on Elasticsearch Logstash	10	751	August 29, 2018
XML XPath filter is parsing fields but not inserting in Elasticsearch Logstash	9	1921	April 11, 2018

Struggling to parse XML using Logstash

Related topics