I am using LS and ES 2.1 . I want to to use LS eventlog plugin to collect my windows server's eventlog. My Windows server was Windows 2012 R2 chinese. I configure eventlog as below:
input {
eventlog {
type => 'wineventlog'
#logfile => ["System","Application","Security"]
logfile => ['Security']
codec => { plain => { charset => "GB18030" }}
}
}
but the output messages is like " "message" => "\xD5\xCA\xBB\xA7\xB5\xC7\xC2\xBC\xCA\xA7\xB0\xDC\xA1\xA3\r\n\r\n\xCA\xB9\xD3\xC3\xD5\xD......"
I tried to change the charset to GBK or UTF-8, but it is the same.
How can I collect chinese windows event log?