Filebeat Process multilne XML
[英]Filebeat Process multilne XML
问题描述
I have a log file where I am printing request and response XML bodies. 
我有一个日志文件,我打印请求和响应XML正文。 This log file also has some additional lines that are not XML. 此日志文件还有一些非XML的附加行。 Example below -- 以下示例 -
===========================================
<request>
<data>
abc
</data>
</request>
some random lines concerning the processing of request..
fha;js;fkgak;gj;kj;a
jgahkg;gaj;
Now response follows
<response>
<output>
def
</output>
</response>
===================================================
How to use use filebeat multiline feature to parse such a data and have each XML as a single event to be sent to logstash? 如何使用filebeat multiline功能来解析这样的数据并将每个XML作为单个事件发送到logstash?
1 个解决方案
解决方案1
0 2017-03-07 10:22:17
multiline.pattern: ^<request> multiline.negate : true multiline.match : after
you need to insert above mentioned line in filebeat.yml file this will capture all your data lying between as a single event beginning with <request> before the next <request> is found.you can modify your multipline.pattern(regex expression) as per your requirement. 你需要在filebeat.yml文件中插入上面提到的行,这将捕获所有数据,作为在找到下一个<request>之前以<request>开头的单个事件。你可以将multipline.pattern(regex表达式)修改为根据您的要求。
for a detailed information check out following link: https://www.elastic.co/guide/en/beats/filebeat/1.2/configuration-filebeat-options.html 有关详细信息,请查看以下链接: https : //www.elastic.co/guide/en/beats/filebeat/1.2/configuration-filebeat-options.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.