以下是示例消息:“”message“:”\ u001F \ x8B \ b \ x9Bz \ u001C \ x8F \ xE3 \ xE4 \ xDC \ u001E \ xF6 \ x80 \ x90 \ xAA \ u0015 \ a。\ xD1 \ xF8 \ xDF &(\ x8EK \ xE2 \ u0016!\ xC4wg \ xA2E \ x82 = Y3〜 \ XEF \ xF9 \ XE7 \ XF7 \ xABz \ x84u \ x9B \ xF2R \ XF5 \ u0015 \ xD4P = Uc的\ XDE \ n \ u000F \ X8F \ xC7w \ u001E \ xB61 \ xAFeHa \ XDB \ xE85 \ XF0 \ xF6p \ XBE \ x9F \ xBF \ u0004 \ u007F \ xE8 \ u000FR \ b \ u0016 \ xC4 \ xFB < \xFFwς2\ xB1 \ xBCP \ xBAU = \ xD4 \ n \ u0011; \ x94 \ x88Z \ xC8 \ xF0QtO \ xD5 \ u001C \ u001Ea \ xAEz \ xCDVr \ xD3 < \ x95 \ x9F \u001C˶\ xC1 \ xE5 \ x94h \ xF1 < \ x9D \ xB6 \ xF1pt \ aK |〜\ xF8ty \ xB9 | \ xBE \ x9E \ x87 \ xF3 \ XF3 \ XF5 \ XB4ޗ\ x81n \ xB7z。\ E \ xDFLK \ xA1i \ t \ xEB0 \ xEDN \ X84 \ xC6V [鲁符\ u0000 \ U0003 \ x9Dw \ u001E \ X85 \ XB2符\ u0000> \ U0002!\ x92C# \ xB1i \命苦ղѭt\ xA8H4 $ \ xB5u!r \ u0014 \ XF6} \ xE4Bi \ xFFs \ XCA \ xF7oCJ \ xB9 \ X FC \ xC8 \ XC3^\ XD0 \ xE0 \ XD6 @%\ XEC \ xEFI \ U0001 \ XFA(\ XE4 \ u0011 \ XF4 \ x8Bhz \ xECz \ u0005 \ xB5Q \ xBCT(ۯ\ xBBvJ \\\ XDC。\ E \ xDC6 \ x92D \ xDDK \ XDFڨ[\ u0014 \ XBA \ XB3:\ X83 \ xAD1 \ XA4}吨\ xE8 \ u0014i \ xE5 = [\ x9BFXF \ u0005 \ XAD \ X95 \ X93 \ XCA \ u0001Xe \ x9C \ xEDZ \ XC3 \ XDC \ xFFR \ XFF \xF2A'kЦ\ 86 \ xBAa \ u0006!\ XC4 \ xC9 \ xE5c \ XCA + \ XD7 /ͮ。\xF4ʬ\ XD5 \ XEF?\ U0001 \ u0000的符\ u0000 \ XFF \ XFF \ XA7 \ F(\ XFC \ XEC \ U0001 \ u0000的\ u0000" 的, “标签”:[ “_ jsonparsefailure”], “@版本”: “1”, “@时间戳”:“2016-02-16T04:00:52.993 Z”, “类型”: “系统日志”, “主人”: “192.168.1.34”}未执行logstash json过滤
注: “标签”: “_ jsonparsefailure”],
配置过滤:
filter {
json {
source => "message"
}
}
还是我得到编码消息
编辑:添加Logstash配置文件
input {
tcp {
port => 5000
}
udp {
port => 5514
# codec => json
}
tcp {
port => 5516
}
syslog {
port => 1514
}
}
filter {
json {
source => "message"
}
}
output {
file {
path => "/var/log/logstash.log"
}
elasticsearch{
codec => "json"
hosts => "ls-elasticsearch:9200"
}
}
//请求来了UDP端口5514
没有解决..我删除了所有..仍然类似的编码..看起来像一些问题与源.. – andNn
你介意分享你的logstash配置吗?我的意思是:输入,过滤和输出。看到几行示例数据被发送到logstash – alfredocambera
已更新原始问题将非常有用,谢谢sd – andNn