Hi,
I am trying to read IO logs files using file beat and having issues with the getting all the lines of xml into the logstash.
here is sample of what i am trying to read https://play.golang.org/p/wZL0Vd3tx_
The problem is this sample works , however event coming from file beat always misses the closing tag.
The same xml when read via File beats filter, is giving me in_xml as following
<WSI_transaction> <request_header> <message_protocol>1</message_protocol> <request_id>,mydi</request_id> <authentication_data> <facility>Facilty</facility> <username>AVD</username> <password>12333</password> </authentication_data> </request_header> <body> <request_data> <request_version>1</request_version> <operation>aCD</operation> </request_data> </body>
Note the WSI_transaction closing tag is missing.
I have following as file beat multiple line settings, Since my xml can start with any of the following tags, hence the first line has multiple tags for first match.
multiline.pattern: '^(<Envelope>|<WSI_transaction>|<Requests>|<Results>)'
multiline.negate: true
multiline.match: after
logstash config uses greedy data to get everything
match => { "message" => "%{GREEDYDATA:inxml}" }
Can i can some help in understanding this behavior ?