I have a lot of logs, each one stored in the following XML file:
What I want to achieve:
- create fields in Elasticsearch that store the following:
MainActivityText = "TEST"
My config file:
    input {
      file {
        path => "/path/*.xml"
        start_position => "beginning"
        type => "xml"
        sincedb_path => "/dev/null"
        codec => multiline {
          pattern => "<Remarks"
          charset => "ISO8859-8"
          what => "previous"
          negate => "true"
        }
      }
    }
    filter {
      xml {
        source => "message"
        store_xml => false
        force_array => false
        target => "Remarks"
        xpath => [
          "/Remarks/MainActivity/text()", "MainActivityText"
        ]
      }
    }
    output {
      file {
        path => "/path/output.txt"
      }
      elasticsearch {
        hosts => ["https://elastic:9200"]
        user => "elastic"
        password => ""
        ssl => true
        ssl_certificate_verification => true
        cacert => "/path/sub_ca.crt"
        index => "test-%{+YYYY.MM}"
      }
    }
But the output is not what I expect to get. I just get the whole xml stored in the index.
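An offline check of the two stages in the config above, as an added example that is not part of the original post: it emulates how the multiline codec groups lines with these settings and then applies a hand translation of the XPath to each resulting event. The sample XML is constructed (the post's file is not shown), and `group_events` and `main_activity_text` are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input; the XML file from the post is not shown on the page.
SAMPLE_LINES = [
    '<?xml version="1.0"?>',
    "<Remarks>",
    "  <MainActivity>TEST</MainActivity>",
    "</Remarks>",
]


def group_events(lines, pattern="<Remarks"):
    """Emulate codec multiline with negate => "true", what => "previous".

    A line that does NOT match the pattern is appended to the current event;
    a matching line closes the current event and starts a new one.
    Returns (emitted_events, still_buffered_text).
    """
    rx = re.compile(pattern)
    emitted, buf = [], []
    for line in lines:
        if rx.search(line) and buf:
            emitted.append("\n".join(buf))
            buf = []
        buf.append(line)
    # The tail is emitted only when another matching line arrives or the
    # codec's auto_flush_interval timer fires.
    return emitted, "\n".join(buf)


def main_activity_text(event):
    """Hand translation of /Remarks/MainActivity/text() for ElementTree.

    Returns the list of text values, or None if the event is not a
    well-formed document rooted at <Remarks>.
    """
    try:
        root = ET.fromstring(event)
    except ET.ParseError:
        return None
    if root.tag != "Remarks":  # a namespaced root would be "{uri}Remarks"
        return None
    return [el.text for el in root.findall("MainActivity") if el.text]


if __name__ == "__main__":
    emitted, pending = group_events(SAMPLE_LINES)
    for label, ev in [("emitted", e) for e in emitted] + [("buffered", pending)]:
        print(label, repr(ev), "->", main_activity_text(ev))
```

Running it against a real file's lines shows which text ends up in each event's `message` and whether that text is a document the XPath can match.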