我正在尝试使用logstash解析以下xml数据。我能够通过从tags中删除命名空间来实现它。但是当我在其中具有命名空间的实际文档上尝试它时,它无法解析田野。有人可以帮助使用命名空间或我是否在其他地方出错?
<Book:Body>
<Book:Head>
<bookname>Book:Name</bookname>
<ns:Hello xmlns:ns="www.example.com">
<ns:BookDetails>
<ns:ID>123456</ns:ID>
<ns:Name>ABC</ns:Name>
</ns:BookDetails>
</ns:Hello xmlns:ns="www.example.com">
</Book:Head>
</Book:Body>
以下是我的配置文件:
multiline {
pattern => "<Book:Body>"
what => "previous"
negate => "true"
}
xml {
store_xml => "false"
source => "message"
remove_namespaces => "true"
xpath =>[
"/Book/Book/BookDetails/ID/text()","ID",
"/Book/Book/BookDetails/Name/text()","Name"
]
}
mutate {
add_field => ["IDIndexed", "%{ID}"]
add_field => ["NameIndexed", "%{Name}"]
}
由于它没有被解析,我只是使用mutate获取%{ID}和%{Name}而不是获取它们的实际值。
答案 0 :(得分:0)
问题出在xpath中: 试试这个
xpath => [
"/Body/head/Hello/BookD/BookDetails/ID/text()", "ID",
"/Body/head/Hello/BookD/BookDetails/Name/text()", "Name",
]