Hi im trying to read the event log with the event log plugin .
Unfortunately all the incoming text is written with question mark
I tried various of charset but it was the same
this is the conf file
input {
eventlog {
codec => plain { charset => "UTF-16" }
logfile => 'Security'
}
}
output {
stdout { codec => json }
}
and this is the output
[2018-02-08T12:01:27,837][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>["main"]}
{"RecordNumber":79924266,"host":"M2044653-W10","EventType":"???????","@version":"1","@timestamp":"2018-02-08T10:01:49.182Z","Type":"???????","message":"??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????","SourceName":"??????????????????","TimeGenerated":"2018-02-08T10:01:23.000Z","InsertionStrings":["????","???????","???","???","??","???","???????????????????"],"ComputerName":"????????????","Logfile":"Security","User":null,"EventIdentifier":4689,"Category":13313,"TimeWritten":"2018-02-08T10:01:23.000Z"}{"RecordNumber":79924267,"host":"M2044653-W10","EventType":"???????","@version":"1","@timestamp":"2018-02-08T10:01:49.213Z","Type":"???????","message":"??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????","SourceName":"??????????????????","TimeGenerated":"2018-02-08T10:01:47.000Z","InsertionStrings":["????","???????","???","???","???","????????????????","???","??","","????","?","?","??","????????????????","??????"],"ComputerName":"????????????","Logfile":"Security","User":null,"EventIdentifier":4688,"Category":13312,"TimeWritten":"2018-02-08T10:01:47.000Z"}[2018-02-08T12:01:52,959][WARN ][logstash.runner ] SIGINT received. Shutting down.
[2018-02-08T12:01:53,499][INFO ][logstash.pipeline ] Pipeline has terminated {:pipeline_id=>"main", :thread=>"#<Thread:0x6e27f6a0 run>"}