Question

我从Kafka主题中提取了一些XML文件流，并尝试使用XML过滤器插件通过Logstash获取XML文件的一个元素，但无法这样做;提到下面的细节;

流的XML块：

`<?xml v="1.0" enc="UF-8"?> 
   <\ns0:LogRequest xmlns:ns0="http://SOME/URL/SOME.xsd"> 
   <\ns1:Header xmlns:ns1="http://SOME/URL/SOME1.xsd">
   <\ns1:ApplicationID>ABC<\/ns1:ApplicationID>
   <\ns1:ComponentName>XYZ<\/ns1:ComponentName>
   <\ns1:Hostname>MYHOST<\/ns1:Hostname>
   <\ns1:Timestamp>2017-02-27T23:07:44.318+05:30<\/ns1:Timestamp>
   <\ns1:TransactionDomain>Some Domain <\/ns1:TransactionDomain> 
   <\ns1:TransactionType>Some Type<\/ns1:TransactionType>
   <\ns1:Message>Some Message <\/ns1:Message>
   <\ns1:AltKey>\n 
   <\ns1:AltKeyName>LOG<\/ns1:Alt\KeyName>
   <\ns1:AltKeyValue>Some Key <\/ns1:AltKeyValue>\n 
   <\TimeDuration>1488217064317<\/TimeDuration>\n 
   <\Status>Some Status <\/Status>\n 
   <\Audit>true\n<\/ns0:LogRequest>`

我想获取＆＃34; Timestamp＆＃34;的值并将其保存为新字段但无法执行此操作，

Logstash.conf：

    filter {

        xml {
          store_xml => "false"
          remove_namespaces => "false"
          source => "message"
          namespaces => {
              "ns0" => "http://SOME/URL/SOME.xsd"
              "ns1" => "http://SOME/URL/SOME1.xsd"
            }
           xpath => [ "/ns0:LogRequest/ns1:Timestamp/text()", "mytime" ]

        }

        mutate {
                                #convert => { "mytime" => "string" }
                                add_field => ["time_stamp", "%{mytime}"]
              }

    }

Expected Output :

"time_stamp" => "2017-02-27T23:07:44.318+05:30"

Actual/Present Output : 
"time_stamp" => "%{mytime}"

Any help will be really appreciated !!

Answer 1

嗯，我通过以下步骤解决了这个问题，

从Logstash处理中删除了名称空间;
更新了Timestamp元素的X路径;

所以现在我的配置看起来像，

filter {

xml {
  store_xml => "false"
  remove_namespaces => "true"
  source => "message"
   xpath =>["//[localname()='LogRequest']/*/[localname()='Timestamp']/text()", "mytime" ]

     }

}

无法通过Logstash xml过滤器插件使用XML路径配置获取XML元素

1 个答案: