Xml filter on nested element

StashLogs · March 11, 2021, 2:06pm

I managed to solve the problem. I tried the split/aggregate solution the whole day, but it did not end up working as expected.
But, the first option you presented was a success. A ruby filter, inspired by the post you linked and
this post helped to get the final solution.

	ruby {
      init => "require 'nokogiri'"
        code => "
              oldHistory ||= event.get('history')
              newHistory ||= []
              field1CReplacement = {}
              oldHistory.each { |x|

                if x.include? 'field1C'
                  value = x['event_history_xmlclassification']
                  doc = Nokogiri::XML::Document.parse(value, nil, value.encoding.to_s)
                  doc.remove_namespaces!
				  
                  attr1 = doc.xpath('/xmlRootTag/@attr1').text
                  field1CReplacement['attr1'] ||= attr1
                  attr2 = doc.xpath('/xmlRootTag/@attr2').text
                  field1CReplacement['attr2'] ||= attr2
                 
				  
                  x['field1CReplacement'] = field1CReplacement
                end
                 newHistory << x
              }
              event.set('history', newHistory)
            "
    }

Thanks you for your guidance!

Topic		Replies	Views
XML some similare tags generate row for each Logstash	4	9	October 24, 2024
Manipulating XML before hitting XML Filter Logstash	33	3850	March 30, 2018
Xml filter plugin - creating nested field out of null object: Can't get text on a END_OBJECT Logstash	11	2182	July 6, 2017
Logstash Ruby filter not saving when fields change Logstash	3	109	July 2, 2024
Xml filter does not work Logstash	13	626	February 28, 2019

Xml filter on nested element

Related Topics