Expected json encoding for TCP input?


(Christophe Meessen) #1

I need to implement a client that sends logging records to a logstash instance at a relative high rate (at least 2kHz). https can’t match this requirement. An option is to use the TCP input plugin, but I failed to find a documentation on the data this plugin expect to receive as input. All I could find is that it expect to receive json input.

Do I send json objects separated by commas ? Are newlines allowed inside the json object ? Where can or should I have newlines ? Is there a handshake or the data flow is one way only ?

Does the TCP TLS support client certificate authentication ? Is there any authentication method beyond that ?


(Guy Boertje) #2

IIRC the tcp input with the json codec expects one JSON Object per line (not pretty printed) - i.e. JSON Objects, string encoded (UTF-8) with a trailing newline.

TLS yes. https://github.com/logstash-plugins/logstash-input-tcp/issues?utf8=✓&q=is%3Aissue+tls


#3

The tcp input will generate an event every time it sees a new line. It can process JSON or plain text. There is no handshake. If the ssl_verify option is set to true then it will validate the client certificate against the CA. I think it is then up to you to verify that the sslsubject added to the event is valid.


(Christophe Meessen) #4

Do I have to pick the codec json_lines instead of json ?


(Guy Boertje) #5

You can use either. Using json_lines may be better "documentation" for when you edit the config months from now :slight_smile:

Behind the scenes the config loader substitutes the json_lines codec for the json codec when it is specified. For that reason, being explicit is better "documentation".