Well,不要刷屏了

logstash解析xml文件问题

Logstash | 作者 bonate | 发布于2019年08月13日 | 阅读数:2479
分享到:QQ空间新浪微博微信QQ好友印象笔记有道云笔记
如:
<a>
    <a1>11111</a1>
     <a2>
           <a21>22222</a21>
     </a2>
     <a3>
           <a31>33333</a31>
     </a3>
</a>
解析成:
{a1=11111,a21=22222}
{a1=11111,a31=33333}
2019-08-13 添加评论

没有找到相关结果

    已邀请:

    stone_xy

    赞同来自: bonate

    使用xml filter即可。
    配置如下:
    input
    
{
    
    file
    
    {
    
        path => "/tmp/es/logs/*.xml"
    
        start_position => "beginning"
    
        sincedb_path => "/dev/null"
    
        exclude => "*.gz"
    
        type => "xml"
    
        codec => multiline {
    
             pattern => "<a>" 
    
             negate => "true"
    
             what => "previous"
    
        }
    
    }
    
}
    

    
filter
    
{
    
  xml
    
  {
    
    source => "message"
    
    store_xml => false
    
    target => "stations"
    
    force_array => false
    
    xpath => [
    
      "/a/a1/text()", "a1",
    
      "/a/a2/a21/text()", "a21",
    
      "/a/a3/a31/text()", "a31"
    
    ]
    
  }
    
    mutate {
    
        remove_field => ["@timestamp", "@version","type","path","host","tags"]
    
        replace => { "a1" => "%{a1[0]}" }
    
        replace => { "a21" => "%{a21[0]}" }
    
        replace => { "a31" => "%{a31[0]}" }
    
    }
    
}
    

    
output
    
{
    
    stdout
    
    {
    
        codec => rubydebug
    
    }
    
}

    输出:
    {
    
        "a21" => "22222",
    
         "a1" => "11111",
    
        "a31" => "33333",
    
    "message" => "<a>\n    <a1>11111</a1>\n     <a2>\n           <a21>22222</a21>\n     </a2>\n     <a3>\n           <a31>33333</a31>\n     </a3>\n</a>"
    
}
    2019-08-14 1 0
    分享

    bonate - 90后IT男

    赞同来自:

    现在的思路是用filter/ruby来解决,但是搞了几天还是毫无进展。特来求助。
    2019-08-13 0 0
    分享
    为什么被折叠? 0 个回复被折叠

    要回复问题请先登录注册

    Copyright © 2024 · CC BY-NC-SA 3.0

    本站服务器及带宽由 提供赞助