Multiline pattern for nested XML files in filebeat - logstash 7.0.1 - PullRequest
0 votes
/ May 31, 2019

I was trying to parse a typical XML log file from my Windows machine using filebeat for logstash.

Below is my sample XML.

<?xml-stylesheet alternate="yes" href="file://c:/drive/bin/event_log.xsl" type="text/xsl"?>
<EventLog SetMinutes="800" Id="8000" Process="Player.exe">
<Clock ClockId="CLk-21e21412414=4-1341341414141"/>
<Entry serial_no="0" mcycle="2132424124-4141" Thread="player" ThreadId="tester" Seconds="11231243241.354123" Severity="info" >Local player details  - Receievd metrics
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 400 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 30 level and need to get an xp
player has reached 103 level and need to get an xp
player has reached 130 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 3300 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1300 level and need to get an xp
player has reached 103 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 400 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 30 level and need to get an xp
player has reached 103 level and need to get an xp
player has reached 130 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 3300 level and need to get an xp
player has reached 100 level and need to get an xp
player has reached to 70 level and need to get an xp
player has reached 1300 level and need to get an xp
player has reached 103 level and need to get an xp
player has reached to 733 level and need to get an xp
</Entry> 
</Eventlog>

Below is my filebeat multiline configuration.

multiline.pattern: '^<Entry|^=[a-z]'
multiline.negate: false
multiline.match: after

Below is my XML filter from logstash.conf.

input {
  beats {
    port => 5044
  }
}

filter {
  xml {
    source => "message"
    store_xml => true
    target => "doc"
    xpath => [
      "/Eventlog[@name='ThreadId']@value", "ThreadId",
      "/Eventlog[@name='Thread']@value", "Thread",
      "/Eventlog/Entry[@name='Secs']@value", "Seconds",
      "/Eventlog/Entry[@name='ThreadId']@value", "ThreadID",
      "/Eventlog/Entry/text()", "details"
    ]
  }
}

Can anyone help with this? Did I miss something in the filebeat or logstash config?

...
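
An added example, not part of the original post and not Filebeat's own code: a small Python model of `multiline.match: after` grouping, run over a constructed, shortened copy of the sample log. It compares the posted settings with an assumed alternative (`negate: true` and a pattern that also matches the closing root tag) and checks which resulting events are well-formed XML, since the Logstash `xml` filter has to parse each event on its own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, shortened version of the sample log in the post.
SAMPLE = """\
<?xml-stylesheet alternate="yes" href="file://c:/drive/bin/event_log.xsl" type="text/xsl"?>
<EventLog SetMinutes="800" Id="8000" Process="Player.exe">
<Clock ClockId="CLk-21e21412414=4-1341341414141"/>
<Entry serial_no="0" Thread="player" ThreadId="tester" Severity="info" >Local player details
player has reached 1000 level and need to get an xp
player has reached 100 level and need to get an xp
</Entry>
</Eventlog>
""".splitlines()


def group(lines, pattern, negate):
    """Model of multiline.match: after. A line continues the current event
    when (pattern matches) != negate; otherwise it starts a new event."""
    rx = re.compile(pattern)
    events = []
    for line in lines:
        continuation = bool(rx.search(line)) != negate
        if continuation and events:
            events[-1].append(line)
        else:
            events.append([line])
    return ["\n".join(e) for e in events]


def is_well_formed(event):
    """True when the event parses as a single XML document."""
    try:
        ET.fromstring(event)
        return True
    except ET.ParseError:
        return False


# Settings as posted: negate false appends <Entry ...> to the preceding
# <Clock/> line and leaves every text line as its own event.
posted = group(SAMPLE, r"^<Entry|^=[a-z]", negate=False)
# Assumed alternative: each <Entry or closing root tag starts a new event,
# and all other lines are appended to the event before them.
fixed = group(SAMPLE, r"^<Entry|^</Event[Ll]og>", negate=True)

if __name__ == "__main__":
    for name, events in (("posted", posted), ("negate: true", fixed)):
        print(name, len(events), [is_well_formed(e) for e in events])
```

With one event per `<Entry>`, the root element the `xml` filter sees is `Entry`, so XPath expressions would address it as `/Entry/@ThreadId` or `/Entry/text()` rather than through `/Eventlog`.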