On XML filter
- How is the event been decided by the logstash for its processing ?
- In my following input xml, how should I flatten this xml using xpath to ingest json to ES
My case data:
Prferred json outcome to ingest into ES :
{
OBJECT_NAME : "CLISTATS"
HEAP_ID : "CLISTATS.0'"
ZOBJNAME: "POWERPOINTVIEW_P"
ZOBJDOMN: "INBOUND"
}
{
OBJECT_NAME : "CLISTATS"
HEAP_ID : "CLISTATS.1'"
ZOBJNAME: "POWERPOINTVIEW_P"
ZOBJDOMN: "INBOUND"
}
}
Logstash config file I've been trying with different combinations, but not fructifying .Appreciate any pointers on this ?
input {
beats {
port => 5044
}
}
filter{
xml {
target => "doc"
store_xml => false
source => "message"
xpath => [ "/RMP/OBJECT/@NAME", "OBJECT_NAME" ,
"/RMP/OBJECT//HEAP/@id" , "HEAP_ID" ,
"/RMP/OBJECT/HEAP/FIELD/@NAME" , "FIELD_NAME" ,
"/RMP/OBJECT/HEAP/FIELD/@VALUE" , "FIELD_VALUE"
]
mutate {
remove_field => [ "@version", "path", "tags", "type", "agent", "ecs" , "input", "log"]
}
}
output {
stdout { codec => rubydebug }
}