无法使用logstash grok过滤器解析XML字符串

Question

我正在尝试解析XML字符串数据使用Grok，但看起来我做错了什么，请帮我解决这个问题。

XML字符串数据：

<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?><a><expirationDate xmlns=\"http://epcis.abc.com/extension\">2019-05-15</expirationDate><lotNumber xmlns=\"http://epcis.abc.com/extension\">LOT-1047</lotNumber><productionDate xmlns=\"http://epcis.abc.com/extension\">10/10/2016 10:25:57</productionDate><quantity1 xmlns=\"http://epcis.abc.com/extension\">1,047</quantity1><EXT1 xmlns=\"http://epcis.abc.com/extension\">EXT1</EXT1><EXT2 xmlns=\"http://epcis.abc.com/extension\">EXT2</EXT2><EXT3 xmlns=\"http://epcis.abc.com/extension\">EXT3</EXT3><EXT4 xmlns=\"http://epcis.abc.com/extension\">EXT4</EXT4><EXT5 xmlns=\"http://epcis.abc.com/extension\">EXT5</EXT5><EXT6 xmlns=\"http://epcis.abc.com/extension\">EXT6</EXT6><EXT7 xmlns=\"http://epcis.abc.com/extension\">EXT7</EXT7><EXT8 xmlns=\"http://epcis.abc.com/extension\">EXT8</EXT8><EXT9 xmlns=\"http://epcis.abc.com/extension\">EXT9</EXT9><EXT10 xmlns=\"http://epcis.abc.com/extension\">EXT10</EXT10><EXT11 xmlns=\"http://epcis.abc.com/extension\">EXT11</EXT11><EXT12 xmlns=\"http://epcis.abc.com/extension\">EXT12</EXT12><EXT13 xmlns=\"http://epcis.abc.com/extension\"><EXT xmlns=\"http://epcis.abc.com\">EXT13</EXT></EXT13><EXT14 xmlns=\"http://epcis.abc.com/extension\"><EXT xmlns=\"http://epcis.abc.com\">EXT14</EXT></EXT14><EXT15 xmlns=\"http://epcis.abc.com/extension\"><EXT xmlns=\"http://epcis.abc.com\">EXT15</EXT></EXT15><EXT16 xmlns=\"http://epcis.abc.com/extension\"><EXT xmlns=\"http://epcis.abc.com\">EXT16</EXT></EXT16></a>

过滤

  input {
        jdbc {
            jdbc_validate_connection => true
            jdbc_connection_string => "jdbc:oracle:thin:@localhost.:1521/orcl"
            jdbc_user => "abc"
            jdbc_password => "abc"
            jdbc_driver_library => "/home/user/ES/ojdbc6-11.2.0.4.0.jar"
            jdbc_driver_class => "Java::oracle.jdbc.driver.OracleDriver"
        statement => "SELECT to_clob(ilmd), event_parent_epc_sn, event_ext_raw FROM event"
        }
    }
    filter {
   xml {
    source => "event_ext_raw"
    target => "parsed"
  }
  split {
    field => "[parsed][a]"
    add_field => {expirationDate => "%{[parsed][a][expirationDate]}"}
  }
}
    output   {
        stdout { codec => rubydebug }
    }

错误消息：

  

管道工作者中的异常，管道停止处理新的   请检查您的过滤器配置并重新启动Logstash。   {＆＃34;例外＆＃34; = GT;＃，   ＆＃34;回溯＆＃34; = GT; [＆＃34; /home/user/ES/logstash-2.2.0/vendor/bundle/jruby/1.9/gems/logstash-filter-split-2.0.2/lib /logstash/filters/split.rb:46:in   filter'", "/home/user/ES/logstash-2.2.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.0-java/lib/logstash/filters/base.rb:151:in multi_filter＆＃39;＆＃34;，＆＃34; org / jruby / RubyArray.java:1613：在each'", "/home/user/ES/logstash-2.2.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.0-java/lib/logstash/filters/base.rb:148:in multi_filter＆＃39;＆＃34;＆＃34;（eval） ：67：在filter_func'", "/home/user/ES/logstash-2.2.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.0-java/lib/logstash/pipeline.rb:241:in filter_batch＆＃39;＆＃34;，＆＃34; org / jruby / RubyArray.java:1613：在each'", "org/jruby/RubyEnumerable.java:852:in注入＆＃39;＆＃34;，   ＆＃34; /home/user/ES/logstash-2.2.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.0-java/lib/logstash/pipeline.rb：239：在   filter_batch'", "/home/user/ES/logstash-2.2.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.0-java/lib/logstash/pipeline.rb:197:in worker_loop＆＃39;＆＃34 ;,   ＆＃34; /home/user/ES/logstash-2.2.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.0-java/lib/logstash/pipeline.rb：175：在   `start_workers＆＃39;＆＃34;]，：level =＆gt;：error} LogStash :: ConfigurationError：Only   字符串和数组类型是可拆分的。 field：[parsed] [a]的类型为=   NilClass