XML與Logstash

Question

解析

我anewbie到ELK棧，我試圖處理下面的示例XML文件Logstash

<Book:Body> 
    <Book:Head> 
     <bookname>Book:Name</bookname> 
      <ns:Hello xmlns:ns="www.example.com"> 
       <ns:BookDetails> 
        <ns:ID>123456</ns:ID> 
        <ns:Name>ABC</ns:Name> 
       </ns:BookDetails> 
     </ns:Hello xmlns:ns="www.example.com"> 
    </Book:Head> 
</Book:Body> 

我用下面的conf來處理數據：

input{ 
     file{ 
       path =>"/opt/data/book3.xml" 
           codec => multiline { 
           pattern =>"<Book:Body>" 
           negate => "true" 
           what => "previous"} 
     } 
} 

filter { 

       xml { 
         store_xml => "false" 
         source => "message" 
         remove_namespaces => "true" 

         xpath => [ 
       "/Body/Head/Hello/BookDetails/ID/text()", "ID", 
       "/Body/Head/Hello/BookDetails/Name/text()", "Name" 
       ] 
        } 

       mutate { 
         add_field => ["IDIndexed", "%{ID}"] 
         add_field => ["NameIndexed", "%{Name}"] 
         } 
} 
output{ 
     elasticsearch {hosts=>"localhost"} 
       stdout { codec => rubydebug } 
     } 

我已經啓用詳細模式爲Logstash並且沒有顯示錯誤，但在輸出停止下面點

Starting pipeline {:id=>"main", :pipeline_workers=>1, :batch_size=>125, :batch_delay=>5, :max_inflight=>125, :level=>:info} 
Pipeline main started 

我已確保該文件被讀取一次

欣賞這個

Answer 1

任何幫助，使用多過濾器和XML是一個有點棘手，不是很穩定。我建議保持簡單，確保文件中沒有新行，然後嘗試使用XML過濾器。