Hi @exekias ,
thanks for the fast response.
Using your config the message gets cut off at the exact same position.
I tried it with and without the harvester_buffer_size option.
How to reproduce:
use my config, start a container and run the following:
#!/bin/bash
key="somerandomkey_"
value="somerandomvalue_"
echo -n '{'
for i in $(seq 420); do
echo -n "\"${key}${i}\":\"${value}${i}\","
done
echo '"lastkey":"end"}'
This produces a valid json output. For me it cuts off at "somerand" and a new message continues with "omkey_396".
Pretty urgent for us, may have to use else due to this, for example apps that generate stack traces or if you are consuming modsecurity audit logs, sizes of entries like this are pretty typical and w/ fbeats we are not sure how to re-correlate this data in logstash?
any suggestions from elastic for us and others dealing with this?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.