Json parse error

Belbo_belbo · November 24, 2023, 10:51am

I'm trying, via a busybox pod, to generate a json that sends it to filebeat which in turn sends it to logstash but I have this problem:

 at [Source: (byte[])"Hello, World!"; line: 1, column: 7]>}
[2023-11-24T10:41:27,442][WARN ][logstash.filters.json    ][main][2a1e8d294f7b2bb72aa995abe5a8d1d3e3658491512d3fc08a3248e4bed6580c] Error parsing json {:source=>"message", :raw=>"Hello, World!", :exception=>#<LogStash::Json::ParserError: Unrecognized token 'Hello': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false')

This is my configuration:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: busybox
  namespace: logging
spec:
  selector:
    matchLabels:
      app: busybox
  template:
    metadata:
      labels:
        app: busybox
    spec:
      containers:
        - name: busybox
          image: busybox
          command: ["/bin/sh"]
          args: ["-c", "while true; do echo '{\"time\": \"$(date -u --rfc-3339=ns)\", \"message\": \"Hello, World!\"}' >> /var/log/busybox.log; sleep 1; done"]
          volumeMounts:
            - name: varlog
              mountPath: /var/log
          resources:
            requests:
              memory: 128Mi
              cpu: 200m
            limits:
              memory: 128Mi
              cpu: 200m
        - name: filebeat
          image: docker.elastic.co/beats/filebeat:8.11.0
          volumeMounts:
            - name: config-volume
              mountPath: /usr/share/filebeat/filebeat.yml
              subPath: filebeat.yml
            - name: varlog
              mountPath: /var/log
          resources:
            requests:
              memory: 512Mi
              cpu: 1
            limits:
              memory: 512Mi
              cpu: 1
      volumes:
        - name: config-volume
          configMap:
            name: filebeat-config
        - name: varlog
          emptyDir: {}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
  namespace: logging
data:
  filebeat.yml: |-
    filebeat.inputs:
    - type: log
      paths:
        - /var/log/*.log
      json.keys_under_root: true
      json.add_error_key: true
      json.message_key: message
    output.logstash:
      hosts: ["logstash.logging.svc:5044"]
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: logstash-config
  namespace: logging
data:
  logstash.conf: |
    input {
      beats {
        port => 5044
      }
    }

    filter {
      json {
         source => "message"
      }
    }

    output {
      elasticsearch {
        hosts => [ "https://elasticsearch:9200" ]
        ssl => true
        ssl_certificate_verification => false
        user => "elastic"
        password => "elastic"
        index => "logstash-%{+YYYY.MM.dd}"
      }
    }

system · December 22, 2023, 12:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.