Xml filter on nested element

StashLogs · March 11, 2021, 2:06pm

I managed to solve the problem. I tried the split/aggregate solution the whole day, but it did not end up working as expected.
But, the first option you presented was a success. A ruby filter, inspired by the post you linked and
this post helped to get the final solution.

	ruby {
      init => "require 'nokogiri'"
        code => "
              oldHistory ||= event.get('history')
              newHistory ||= []
              field1CReplacement = {}
              oldHistory.each { |x|

                if x.include? 'field1C'
                  value = x['event_history_xmlclassification']
                  doc = Nokogiri::XML::Document.parse(value, nil, value.encoding.to_s)
                  doc.remove_namespaces!
				  
                  attr1 = doc.xpath('/xmlRootTag/@attr1').text
                  field1CReplacement['attr1'] ||= attr1
                  attr2 = doc.xpath('/xmlRootTag/@attr2').text
                  field1CReplacement['attr2'] ||= attr2
                 
				  
                  x['field1CReplacement'] = field1CReplacement
                end
                 newHistory << x
              }
              event.set('history', newHistory)
            "
    }

Thanks you for your guidance!

Topic		Replies	Views
Created nested fields from Xpath & check for existing documents Logstash	3	487	February 11, 2020
XML filter - processing of an array of values Logstash	5	520	September 14, 2021
Create an array from a nested XML field Logstash	4	1586	July 6, 2017
Access nested fields with wildcards? Logstash	3	1145	July 6, 2017
Removing null fields from nexted fields - xml filter Logstash	6	1186	July 6, 2017

Xml filter on nested element

Related topics