Hello! I've been in the midst of working with the ELK stack for the first time. I'm currently sending data from Metricbeat -> Logstash -> an external script (output sent over TCP) -> Logstash -> Elasticsearch. However, when I upgrade the logstash version to logstash-7.2.0-1 from logstash-7.1.1-1, …

JSON data split up (_jsonparseerror) in logstash-7.2.0-1. Works fine in logstash-7.1.1-1

johank August 12, 2019, 8:39am 4

Possible solution.

switching from codec json => json_lines seems to solve it. (have only tested for 5 minutes so far)
Probably worked before because of different code used to convert tcp stream into messages.

Broken JSON (Rsyslog -> Logstash) - Message breaking in wrong place

Topic		Replies	Views
Parsing Json File with Logstash and Filebeat Logstash	4	1853	October 9, 2017
Error parsing JSON doc Logstash	4	3929	July 6, 2017
LogStash::Json::ParserError: Unexpected end-of-input: expected close marker for Array Logstash	1	212	June 30, 2023
Json parse error, original data now in message field ParserError: Unexpected end of input within/between array entries Logstash	1	505	July 22, 2020
Trouble with Logstash JSON parsing Logstash	10	2692	December 20, 2017

JSON data split up (_jsonparseerror) in logstash-7.2.0-1. Works fine in logstash-7.1.1-1

Related topics