
How do I parse XML with Logstash and ignore the global tag?


I am using Logstash to parse XML from an S3 bucket and send it to an Elasticsearch server. All of my XML is inside a single tag

<ServiceSales xmlns="dmoes"> 
     <ServiceSalesDetailsClosed>...</ServiceSalesDetailsClosed> 
     <ServiceSalesDetailsClosed>...</ServiceSalesDetailsClosed>
</ServiceSales>
This way I get the XML divided by ServicesSalesDetailsClosed, but the event is not parsed

Ignore and use the multiline codec

codec => multiline {
    pattern => "<ServiceSalesDetailsClosed>"
    negate => "true"
    what => "previous"
}
It works, except that the first event is not parsed


Do you know how I can do this?

I ran into a similar situation. For this XML:

<ROOT number="34">
    <EVENT name="hey"/>
    <EVENT name="you"/>
</ROOT>
input {
  file {
    path => "/path/prueba.xml"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    codec => multiline {
      pattern => "<ROOT"
      negate => "true"
      what => "previous"
      auto_flush_interval => 1
    }
  }
}
filter {
  xml {
    source => "message"
    target => "xml_content"
  }
  split {
    field => "xml_content[EVENT]"
  }
  mutate {
    add_field => { "number" => "%{xml_content[number]}" }
    add_field => { "name" => "%{xml_content[EVENT][name]}" }
    remove_field => ['xml_content', 'message', 'path']
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
{
        "number" => "34",
    "@timestamp" => 2016-12-23T12:20:35.587Z,
      "@version" => "1",
          "name" => "hey",
          "tags" => [
        [0] "multiline"
    ]
}
{
        "number" => "34",
    "@timestamp" => 2016-12-23T12:20:35.587Z,
      "@version" => "1",
          "name" => "you",
          "tags" => [
        [0] "multiline"
    ]
}
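
The following is an added example, not code from the question, the answer or Logstash itself: a small Python model of the `negate => true, what => previous` grouping rule, run over a constructed document shaped like the one in the question, to show which events reach the XML parser well-formed. The function names are hypothetical, Python's strict `ElementTree` parser stands in for the `xml` filter, and the `[ >]` suffix on the wrapper pattern is an adaptation made here because a bare `<ServiceSales` also matches the child tag.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the question's document.
SAMPLE = """<ServiceSales xmlns="dmoes">
    <ServiceSalesDetailsClosed>first</ServiceSalesDetailsClosed>
    <ServiceSalesDetailsClosed>second</ServiceSalesDetailsClosed>
</ServiceSales>"""


def multiline_previous(lines, pattern):
    """Model of negate => true, what => previous: a line matching `pattern`
    starts a new event; any other line is appended to the previous one."""
    events, buf = [], []
    for line in lines:
        if re.search(pattern, line) and buf:
            events.append("\n".join(buf))
            buf = []
        buf.append(line)
    if buf:  # trailing buffer, emitted once auto_flush_interval expires
        events.append("\n".join(buf))
    return events


def try_parse(event):
    """Return the root element, or None if the event is not well-formed XML."""
    try:
        return ET.fromstring(event)
    except ET.ParseError:
        return None


def parse_flags(pattern, text=SAMPLE):
    """One boolean per event: did it parse?"""
    return [try_parse(e) is not None
            for e in multiline_previous(text.splitlines(), pattern)]


def split_records(pattern, text=SAMPLE):
    """Child records of every parsed wrapper, as a split step would emit them."""
    out = []
    for event in multiline_previous(text.splitlines(), pattern):
        root = try_parse(event)
        if root is not None:
            out.extend(child.text for child in root)
    return out


if __name__ == "__main__":
    for pat in ("<ServiceSalesDetailsClosed>", "<ServiceSales", "<ServiceSales[ >]"):
        print(pat, parse_flags(pat))
    print(split_records("<ServiceSales[ >]"))
```

With the child tag as the pattern, the first event is the lone wrapper opening tag and the last one carries the stray wrapper closing tag, so only the middle record parses; anchoring on the wrapper keeps each document whole and leaves the per-record split to a later step.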