Ingesting Oracle's Audit Trail

Hi, I'm ingesting the content from sys.dba_audit_trail into ES using the jdbc input plugin.
Everything goes ok with the exception of the field transactionid which is of type (at db level of RAW(8))
Here an example
000F001A00008F0A

When trying to index to ES I have the following error

[2020-12-30T15:55:03,988][ERROR][logstash.outputs.elasticsearch][oracle][e165fba9d3a72fb12f1b528141425a306cab12e7399f0edbe76920a85722dc89] An unknown error occurred sending a bulk request to Elasticsearch. We will retry indefinitely {:error_message=>"\"\\xB2\" from ASCII-8BIT to UTF-8",

I've tried with diferent values of

columns_charset => {"transactionid" => "xxx"}

and I have the event indexed without errors but with unreadable values

What Am I missing?
Thank you!
Regards
Ana

Is there anything in the Elasticsearch logs at the time that would correlate?

Hi Mark,
I couldn't find anything at elastic's logs.
This type at Oracle level are a raw representation using for example to store files. I don't know why they are using it to represent the transaction id.
I found a workaround that is to convert to hex the raw representation. Something like this in the select statement from jdbc input pluging

select entryid,os_username,username,userhost....,RawToHex(transactionid) from dba_audit_trail

Thank you!
Regards
Ana

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.