I am having a sample log file like below
<error message="file missing">
<value>01</value>
</error>
<dealer id="01" data="some text">Approved</dealer>
I want to parse the above code and want to display the data in Kibana like @message="file missing", @value="01", @dealer_id="01", @dealer_data = "some text".
I am new to ELK framework . I have tried using xpath filters but no luck if anyone help me with sample code means it would be a great help.
Fetching data can be done with xpath like this :
xml {
source => "message"
store_xml => false
xpath => {
"//site/text()" => "site"
"//dateCreation[1]/text()" => "date_creation"
"//commande:Tiers[1]/identifiant/text()" => "tiers_id"
}
}
Then every result of the xpath is stored in the targeted field You might replace/delete then existing field of your event to keep only the needed data.