如何对一条 xml 消息使用多个 xml 过滤器

Question

我必须解析 XML 文档（作为 rabbitmq 消息接收），但我想根据某些过滤器获取更多信息。这是我的 logstash

的 xml 部分

if ([message] =~ /^</) {
  xml {
    ...
    xpath => [
      "/APIOS_MOM_EVENT/IDENT/NO_EMIARTE/text()", "NO_EMIARTE",
      "name(/APIOS_MOM_EVENT/DATA/APIOS_EXPORT/*[not(self::METADATA)])","MESSAGE_TYPE",
      "name(/APIOS_MOM_EVENT/DATA/*)","RECOMMENDATIONS",
      "/APIOS_MOM_EVENT/DATA/APIOS_EXPORT/METADATA/CODE_OFFRE_WEB/text()","OFFRE_WEB"
    ]
    target => "xml"
  }
  alter {
    condrewrite => [
      "MESSAGE_TYPE","","EDITO"         
    ]
    condrewriteother => [
      "RECOMMENDATIONS","RECOMMENDATIONS","MESSAGE_TYPE","RECOMMENDATIONS"
    ]
    condrewriteother => [
      "RECOMMENDATIONS","SCHEDULE","MESSAGE_TYPE","SCHEDULE"
    ]
    remove_field => [ "RECOMMENDATIONS" ]
  }
  if [MESSAGE_TYPE]=="SCHEDULE" {        
    xml{
      source => "message"
      store_xml => false
      xpath => [            
        "/APIOS_MOM_EVENT/DATA/SCHEDULE/DAY/@DATE","DAY"
      ]
      target => "xml"          
    }
  }
}

所以在这里，如果我有一个 SCHEDULE MESSAGE_TYPE，我想添加一个过滤器来获取 DAY，但这样做似乎很复杂。我感觉 MESSAGE_TYPE 在我的 if 语句

中不可用

在 if [MESSAGE_TYPE]=="SCHEDULE" {

之前都很好

Answer 1

好的，我不知道为什么它不起作用，但下面的代码运行良好

...
remove_field => [ "RECOMMENDATIONS" ]
      }
      if [MESSAGE_TYPE]=="SCHEDULE" {
        xml{
          source => "message"
          store_xml => false
          xpath => [
            "/APIOS_MOM_EVENT/DATA/SCHEDULE/DAY/@DATE","DAY",
            "/APIOS_MOM_EVENT/DATA/SCHEDULE/DAY/ELEMENT/NO_EMIARTE/text()","NO_EMIARTE",
            "/APIOS_MOM_EVENT/DATA/SCHEDULE/DAY/ELEMENT/ID_PROG/text()","ID_PROG"
          ]
          target => "xml"
        }
      }

新字段现在在 ES 中得到了很好的满足。

如何对一条 xml 消息使用多个 xml 过滤器

How can I use several xml filter for one xml message

xml

xpath

logstash