I've a problem with cloudwatch logs showing up in readable format in kibana and I believe the problem is with setting Logstash charset. The error is:
[main] Received an event that has a different character encoding than you configured. {:text=>"\u0017\u0016\xBE\xAE\xED\"\xBE\xA5\xF0\u0004`B>\xDC١\xAFu\u000FV\xFC\xA3lz\u000F\xA6\xBF\xD1q\u001Fހ\u007F\u0006|\xF1\xF0\b\xAA\x95\xAF\a\xFB\n", :expected_charset=>"UTF-8"}
My setup is:
CWL -> Kinesis Firehose -> S3 -> Logstash -> EC2 ES Cluster -> Kibana
If I replace Logstash with Fluentd, the logs show up fine in Kibana so I know the setup is correct.
Any idea which charset I should be using in Logstash for my scenario?
OK i have figure this out. I configure s3 event notification to go to an aws sqs queue. then I install the logstash-input-s3-sns-sqs plugin. I use a Logstash pipe like this:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.