I need to implement a client that sends logging records to a logstash instance at a relative high rate (at least 2kHz). https can’t match this requirement. An option is to use the TCP input plugin, but I failed to find a documentation on the data this plugin expect to receive as input. All I could find is that it expect to receive json input.
Do I send json objects separated by commas ? Are newlines allowed inside the json object ? Where can or should I have newlines ? Is there a handshake or the data flow is one way only ?
Does the TCP TLS support client certificate authentication ? Is there any authentication method beyond that ?
IIRC the tcp input with the json codec expects one JSON Object per line (not pretty printed) - i.e. JSON Objects, string encoded (UTF-8) with a trailing newline.
The tcp input will generate an event every time it sees a new line. It can process JSON or plain text. There is no handshake. If the ssl_verify option is set to true then it will validate the client certificate against the CA. I think it is then up to you to verify that the sslsubject added to the event is valid.
You can use either. Using json_lines may be better "documentation" for when you edit the config months from now
Behind the scenes the config loader substitutes the json_lines codec for the json codec when it is specified. For that reason, being explicit is better "documentation".
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
