Edge Delta Parse XML Processor
4 minute read
Overview
The parse XML processor parses an XML string into structured data. Unlike ParseSimplifiedXML it maintains the entire structure of the XML document, including attributes, content within tags, and the hierarchy of elements.
For detailed instructions on how to use multiprocessors, see Use Multiprocessors.
Configuration
Consider the following log:
<log type="access">
<!-- Log entry for a web request -->
<details>
<host>172.17.15.39</host>
<userIdentifier>68b148de-7ce3-423c-b72d-64a4f21ecfc0</userIdentifier>
<timeLocal>2024-12-15T22:40:53.723160Z</timeLocal>
</details>
<requestInfo>
<method>POST</method>
<request>/styles/main.css</request>
<protocol>HTTP/2</protocol>
</requestInfo>
<response>
<status>403</status>
<bytesSent>1043</bytesSent>
</response>
<message>This is a sample log entry</message>
</log>
It can be parsed into attributes with the following processor configuration:
YAML version:
- name: Multi Processor_fa8d
type: sequence
processors:
- type: ottl_transform
metadata: '{"id":"XwnTywTL9ZQHiMlUzyb2e","type":"parse-xml","name":"Parse XML"}'
statements: |-
merge_maps(attributes, ParseXML(body), "upsert") where IsMap(attributes)
set(attributes, ParseXML(body)) where not IsMap(attributes)
Output:
{
"_type": "log",
"timestamp": 1745310134812,
"body": "<log type=\"access\"><!-- Log entry for a web request --><details><host>172.17.15.39</host><userIdentifier>68b148de-7ce3-423c-b72d-64a4f21ecfc0</userIdentifier><timeLocal>2024-12-15T22:40:53.723160Z</timeLocal></details><requestInfo><method>POST</method><request>/styles/main.css</request><protocol>HTTP/2</protocol></requestInfo><response><status>403</status><bytesSent>1043</bytesSent></response><message>This is a sample log entry</message></log>",
"resource": {
...
},
"attributes": {
"attributes": {
"type": "access"
},
"children": [
{
"children": [
{
"content": "172.17.15.39",
"tag": "host"
},
{
"content": "68b148de-7ce3-423c-b72d-64a4f21ecfc0",
"tag": "userIdentifier"
},
{
"content": "2024-12-15T22:40:53.723160Z",
"tag": "timeLocal"
}
],
"tag": "details"
},
{
"children": [
{
"content": "POST",
"tag": "method"
},
{
"content": "/styles/main.css",
"tag": "request"
},
{
"content": "HTTP/2",
"tag": "protocol"
}
],
"tag": "requestInfo"
},
{
"children": [
{
"content": "403",
"tag": "status"
},
{
"content": "1043",
"tag": "bytesSent"
}
],
"tag": "response"
},
{
"content": "This is a sample log entry",
"tag": "message"
}
],
"tag": "log"
}
}
Note: It could be less nested, without the tag, children, and content tags if you use a custom processor with the
ParseSimplifiedXMLOTTL function.
Options
Select a telemetry type
You can specify, log, metric, trace or all. It is specified using the interface, which generates a YAML list item for you under the data_types parameter. This defines the data item types against which the processor must operate. If data_types is not specified, the default value is all. It is optional.
It is defined in YAML as follows:
- name: multiprocessor
type: sequence
processors:
- type: <processor type>
data_types:
- log
condition
The condition parameter contains a conditional phrase of an OTTL statement. It restricts operation of the processor to only data items where the condition is met. Those data items that do not match the condition are passed without processing. You configure it in the interface and an OTTL condition is generated. It is optional. You can select one of the following operators:
| Operator | Name | Description | Example |
|---|---|---|---|
== |
Equal to | Returns true if both values are exactly the same |
attributes["status"] == "OK" |
!= |
Not equal to | Returns true if the values are not the same |
attributes["level"] != "debug" |
> |
Greater than | Returns true if the left value is greater than the right |
attributes["duration_ms"] > 1000 |
>= |
Greater than or equal | Returns true if the left value is greater than or equal to the right |
attributes["score"] >= 90 |
< |
Less than | Returns true if the left value is less than the right |
attributes["load"] < 0.75 |
<= |
Less than or equal | Returns true if the left value is less than or equal to the right |
attributes["retries"] <= 3 |
matches |
Regex match | Returns true if the string matches a regular expression |
isMatch(attributes["name"], ".*\\.name$" |
It is defined in YAML as follows:
- name: _multiprocessor
type: sequence
processors:
- type: <processor type>
condition: attributes["request"]["path"] == "/json/view"
Parse from
Specify the field containing the XML.
Assign to
Specify the field where you want the parsed object to be saved.
Final
The final parameter specifies whether successfully processed data items should continue to subsequent processors within the same multiprocessor node. Data items that fail to be processed by the processor will be passed to the next processor in the node regardless of this setting. You select the slider in the tool which specifies it for you in the YAML as a Boolean. The default is false and it is optional.
It is defined in YAML as follows:
- name: multiprocessor
type: sequence
processors:
- type: <processor type>
final: true
Keep original telemetry item
This option defines whether to delete the original unmodified data item after it is processed. For example, you can keep the original log as well as any metrics generated by an extract metric processor. If you select this option your data volume will increase.