Trouble parsing xml file in logstash

shubh235 · November 22, 2018, 12:28pm

I am trying to load a basic xml file into logstash but somehow, the file is not loaded. No exceptions are thrown and I am running Logstash through command prompt and not as a service. Could you please check and help me figure out what I am doing wrong.

Below is my xml file :

<LogEntry>
<Terminal>SYSTEM</Terminal>
<EvTxt_1>6940</EvTxt_1>
<EvTxt_2>0</EvTxt_2>
<EvTxt_3>0</EvTxt_3>
<EvTxt_4>0</EvTxt_4>
<EvTxt_5>0</EvTxt_5>
</LogEntry>

And, my config file looks like this :

input {

 file {

  path => "C:\xml_test\test4.xml"
  start_position => "beginning"
  sincedb_path => "null"
  codec => multiline
  {
   pattern => "^<\?LogEntry .*\>"
   negate => false
   what => "next"
  }
 }
}

filter {
    xml {
        store_xml => false
        source => "message"
        target => "xml_content"
        xpath => ["/LogEntry/Terminal/text()","terminal"]
    }
}

output {
  stdout { codec => json_lines }
  elasticsearch {
  "hosts" => ["http://localhost:9200"]
  "index" => "xml_test"
  "document_type" => "data"
  }
}

Eniqmatic · November 22, 2018, 12:35pm

Try the following:

input {

 file {

  path => "C:/xml_test/test4.xml"
  start_position => "beginning"
  sincedb_path => "NUL"
  codec => multiline
  {
   pattern => "^<\?LogEntry .*\>"
   negate => false
   what => "next"
  }
 }
}

shubh235 · November 22, 2018, 1:07pm

Thank you. This works and now I have indexed this xml file in Elasticsearch. However, all the tags are stored now in message field.

Example : "message": "<EvTxt_5>0</EvTxt_5>\r"

How can I get the values of the tags to be stored in elasticsearch with field name as tag name ?

system · December 20, 2018, 1:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.