Currently trying with LS 2.0.0. I havent been using elasticsearch as of now but would be using 2.0.0 rc1 going ahead.
ES 2.0.0 is out and 2.0.1 or 2.1.0 is probably coming soon. So I would go directly with that: https://www.elastic.co/downloads/elasticsearch
Where did you see the output above? file, stdout? So far I always checked what ends up in elasticsearch.
I checked with logstash stdout plugin enabled. I also enabled debug in filebeat and the debug logs also shows the same output.
Ok, good to know. That means I can test filebeat standalone. Thanks for all the infos.
@vinod8427 I can not tell from the conversation if you have really tried with most recent filebeat nightlies. We've not been able to reproduce your problem yet with recent builds, but with rc2 it will definitely fail.
From sample log file you send it seems your file is ASCII only. The "plain" codec should be enough here.
I have had another look at the lines posted by you. The end of the original line is the start of the line being reported. For comparison the last 'few' bytes from log file (first) and from faulty report (second):
0,,,1,1,,,2,0x1C4C8168,0,,,,,,0,,,,1,,,,,,,6,,,,"sipp",2,1,1,1,1,,0,,,1,7,1,,,10.54.24.102,10.54.80.140,60121,16,8,,,,,,,,,0,,,TANDEM,,,,,,,13,1,,,,,,,,,,,,,,,,0,,,,,,,,0,,,"2,1,0,3",0,,,,,,,,,,,,,,,,,,,,,,,,,,
0,,,1,1,,,2,0x1C4C8168,0,,,,,,0,,,,1,,,,,,,6,,,,"sipp",2,1,1,1,1,,0,,,1,7,1,,,10.54.24.102,10.54.80.140,60121,16,8,,,,,,,,,0,,,TANDEM,,,,,,,13,1,,,,,,,,,,,,,,,,0,,,,,,,,0,,,"2,1,0,3",0,,,,,,,,,,,,,,,,,,,,,,,,,,\n
These strings are exactly the same up to '\n'. This, plus the 'restitching' is a strong indicator for issue #258 in filebeat, which has already been resolved before you reported the issue.
The most recent nightly you can download from https://beats-nightlies.s3.amazonaws.com/index.html?prefix=filebeat/ . Look for filebeat-nightly.latest-<os_and_arch>. .
Can you retry with nightly please?
@steffens I just tried with latest nightlies and seems to be working fine. I had earlier tried with rc2 and one of the latest nightlies which Nicolas had shared with me. I shall however test this thoroughly and keep you posted if I come across any further issues. Sorry for the trouble.
BTW thanks to both you folks for helping me through this 
@ruflin With the latest nightly I however see that the encoding issue is not an issue anymore but I am facing issue with file reads. After some point of time, filebeat starts to ignore any further changes to both existing files & newly created ones. I am constantly seeing the following in my debug logs:
2015-11-24T15:42:19+05:30 DBG Not harvesting, file didn't change: /var/log/sonus/sbx/evlog/10054C4.ACT
2015-11-24T15:42:19+05:30 DBG Check file for harvesting: /var/log/sonus/sbx/evlog/10054C5.ACT
2015-11-24T15:42:19+05:30 DBG Not harvesting, file didn't change: /var/log/sonus/sbx/evlog/10054C5.ACT
However when I restart filebeat, it works fine again but only until some point.
Good to hear that the first issue is solved. To solve the second issue, you must increase the ignore_older setting to probably about 20 minutes in your case. Or how long does it take until a file is guaranteed not to update anymore? I know in your case this is a little bit an issue because of the growing registrar file.