Hi,
I am a newbie to this technology and trying to set up new infra with Elasticsearch, Logstash, and Kibana. I am using the logstash-input-jms plugin to get XML messages from the MQ queues. I can see the XML message in Kibana but am unable to parse the fields.
Do I need to install any plugin to make this filter work? I see that logstash-xml-filter is already installed as a Logstash package. Thanks for looking into this.
Here is the sample XML message:
    <Accounting Type="log" Code="log">
      <MSGGRP Label="ANSI" UID="aab8af1a-dd5a-11e4-b669" Name="API" EGU="f2191a20-5801e" Message="Complete" StartDate="2017-04-12" StartTime="09:09:17.644215" EndDate="2017-04-12" EndTime="09:09:40.143948"/>
    </Accounting>

Here is my logstash.conf:

    input { stdin { } }
    filter {
      xml {
        source => "message"
        store_xml => "false"
        xpath => ["/Accounting/MSGGRP/Label/text()","Label"]
        xpath => ["/Accounting/MSGGRP/EGU/text()","EGName"]
        xpath => ["/Accounting/MSGGRP/Message/text()","Message"]
        xpath => ["/Accounting/MSGGRP/Name/text()","ApplicationName"]
      }
    }
    output {
      elasticsearch { hosts => ["localhost:9200"] }
      stdout { codec => rubydebug }
    }

Here is the output JSON:

    {
      "_index": "logstash-2017.07.11",
      "_type": "logs",
      "_id": "AV0v8cWHr_X_oE0SK7pX",
      "_score": 1,
      "_source": {
        "@timestamp": "2017-07-11T04:39:20.159Z",
        "@version": "1",
        "host": "PLNORM2",
        "message": "<MSGGRP Label=\"ANSI\" UID=\"aab8af1a-dd5a-11e4-b669\" Name=\"API\" EGU=\"f2191a20-5801e\" Message=\"Completed\" StartDate=\"2017-04-12\" StartTime=\"09:09:17.644215\" EndDate=\"2017-04-12\" EndTime=\"09:09:40.143948\"/>\r"
      },
      "fields": {
        "@timestamp": [
          1499747960159
        ]
      }
    }
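
An added example, not part of the original post: a pipeline for the sample message above that selects `Label`, `EGU`, `Message` and `Name` as XML attributes (`@name`) rather than as child elements, which is how they appear in the sample. The multiline codec on stdin is an assumption made here for console testing, because stdin emits one event per line and the posted output shows only the `<MSGGRP .../>` line reaching the filter.

```logstash
# Added example: constructed for the sample message in the post, not the poster's configuration.
input {
  stdin {
    # Assumption for console testing: join lines up to and including
    # </Accounting> so the whole document arrives as a single event.
    codec => multiline {
      pattern => "</Accounting>"
      negate  => true
      what    => "next"
    }
  }
}

filter {
  xml {
    source    => "message"
    store_xml => false
    # Label, EGU, Message and Name are attributes of <MSGGRP>, so they are
    # addressed with @name. A path such as /Accounting/MSGGRP/Label/text()
    # looks for a <Label> child element, which the sample does not contain.
    xpath => {
      "/Accounting/MSGGRP/@Label"   => "Label"
      "/Accounting/MSGGRP/@EGU"     => "EGName"
      "/Accounting/MSGGRP/@Message" => "Message"
      "/Accounting/MSGGRP/@Name"    => "ApplicationName"
    }
  }
}

output {
  # Print the parsed event to the console to check the new fields.
  stdout { codec => rubydebug }
}
```

Each xpath destination field is written as an array, and an event whose `message` is not well-formed XML is tagged `_xmlparsefailure` instead of being parsed.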