Parsing XML with Logstash
I am a newbie to the ELK stack and am trying to use Logstash to process the sample XML file below.
<Book:Body>
  <Book:Head>
    <bookname>Book:Name</bookname>
    <ns:Hello xmlns:ns="www.example.com">
      <ns:BookDetails>
        <ns:ID>123456</ns:ID>
        <ns:Name>ABC</ns:Name>
      </ns:BookDetails>
    </ns:Hello xmlns:ns="www.example.com">
  </Book:Head>
</Book:Body>
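I have made sure that the file is read only once.
Any help with this would be greatly appreciated.

Using the multiline filter with XML is a bit tricky and not very stable. I suggest keeping it simple: make sure there are no newlines in the file, then try the XML filter.

Check the XPath. It does not have any namespaces.
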
input {
  file {
    path => "/opt/data/book3.xml"
    codec => multiline {
      pattern => "<Book:Body>"
      negate => "true"
      what => "previous"
    }
  }
}
filter {
  xml {
    store_xml => "false"
    source => "message"
    remove_namespaces => "true"
    xpath => [
      "/Body/Head/Hello/BookDetails/ID/text()", "ID",
      "/Body/Head/Hello/BookDetails/Name/text()", "Name"
    ]
  }
  mutate {
    add_field => ["IDIndexed", "%{ID}"]
    add_field => ["NameIndexed", "%{Name}"]
  }
}
output {
  elasticsearch { hosts => "localhost" }
  stdout { codec => rubydebug }
}
Starting pipeline {:id=>"main", :pipeline_workers=>1, :batch_size=>125, :batch_delay=>5, :max_inflight=>125, :level=>:info}
Pipeline main started
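
An offline check of the two XPath expressions from the config against the sample document, added here as an example (it is not code from the original post or from Logstash, and it uses Python's standard-library parser rather than the Logstash xml filter). It assumes a placeholder namespace URI `urn:example:book` for the `Book` prefix, and its `evaluate` helper only handles simple absolute paths ending in `text()`.

```python
import xml.etree.ElementTree as ET

# Constructed, well-formed variant of the page's sample: the Book prefix is
# declared (urn:example:book is a placeholder URI) and </ns:Hello> is a plain
# closing tag.
WELL_FORMED = """<Book:Body xmlns:Book="urn:example:book">
<Book:Head>
<bookname>Book:Name</bookname>
<ns:Hello xmlns:ns="www.example.com">
<ns:BookDetails>
<ns:ID>123456</ns:ID>
<ns:Name>ABC</ns:Name>
</ns:BookDetails>
</ns:Hello>
</Book:Head>
</Book:Body>"""

# The sample as posted: undeclared Book prefix, attribute on the closing tag.
AS_POSTED = WELL_FORMED.replace(' xmlns:Book="urn:example:book"', "").replace(
    "</ns:Hello>", '</ns:Hello xmlns:ns="www.example.com">')

# The two expressions from the xml filter block in the config.
XPATHS = {
    "ID": "/Body/Head/Hello/BookDetails/ID/text()",
    "Name": "/Body/Head/Hello/BookDetails/Name/text()",
}

def strip_namespaces(root):
    """Reduce '{uri}local' tags to 'local' so prefix-free paths can match."""
    for el in root.iter():
        el.tag = el.tag.split("}", 1)[-1]
    return root

def evaluate(root, xpath):
    """Evaluate a simple absolute path of element names ending in /text()."""
    steps = [s for s in xpath.split("/") if s and s != "text()"]
    if not steps or steps[0] != root.tag:
        return []
    nodes = root.findall("/".join(steps[1:])) if steps[1:] else [root]
    return [(n.text or "").strip() for n in nodes]

def extract(xml_text, xpaths=XPATHS, remove_namespaces=True):
    """Return {field: [values]} or {'_error': reason} if the XML is rejected."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return {"_error": str(exc)}
    if remove_namespaces:
        strip_namespaces(root)
    return {field: evaluate(root, xp) for field, xp in xpaths.items()}

if __name__ == "__main__":
    for label, doc in (("well-formed", WELL_FORMED), ("as posted", AS_POSTED)):
        print(label, extract(doc))
```

With namespaces stripped, the prefix-free paths match the well-formed variant; a strict parser rejects the sample as posted before any XPath is evaluated.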