Hello,
We use Elastic 9.1.4.
We want to monitor deadlocks in Elastic. The method that consistently works for us is to enable DBCC TRACEON(1222, -1); on MSSQL. This causes the deadlocks to be written to the ERRORLOG.
After that, I enable Collect logs from Microsoft SQL Server instances in the integrations (we use Fleet) and set the correct path. We can then see the deadlocks, but we can’t filter the messages because they’re encoded. MSSQL encodes its logs in UTF-16, while Elastic only reads UTF-8.
I’ve tried specifying utf-16le in the integrations tab, but then I get a 504 error message in the agent logs.
I’ve tried several different approaches, but I can’t seem to filter the logs to isolate the deadlocks.
When I tried adding a tag through a custom pipeline, I also got a 504 error.
Does anyone have a solution for this issue?