Logstash inserting NUL in the apache_access.log file

kunalwagh · October 8, 2018, 5:40pm

I am running below command in the Power shell but getting NUL inserted in front of every character:

C:\ELK-Stack\logstash> echo '57.85.164.98 - - [20/Sep/2017:15:31:04 +0200] "GET /js/main.js" 200 588 "https://codinge

xplained.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Saf

ari/537.36"' >> event-data/apache_access.log

Output:

   "message" => "91.59.108.75 - - [20/Sep/2017:20:11:43 +0200] \"GET /favicon.ico\" 200 7581 \"https://codingexplain

ed.com/products/view/863" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"5\u00007\u0000.\u

00008\u00005\u0000.\u00001\u00006\u00004\u0000.\u00009\u00008\u0000 \u0000-\u0000 \u0000-\u0000 \u0000[\u00002\u00000\u0

000/\u0000S\u0000e\u0000p\u0000/\u00002\u00000\u00001\u00007\u0000:\u00001\u00005\u0000:\u00003\u00001\u0000:\u00000\u00

004\u0000 \u0000+\u00000\u00002\u00000\u00000\u0000]\u0000 \u0000"\u0000G\u0000E\u0000T\u0000 \u0000/\u0000j\u0000s\u00

00/\u0000m\u0000a\u0000i\u0000n\u0000.\u0000j\u0000s\u0000"\u0000 \u00002\u00000\u00000\u0000 \u00005\u00008\u00008\u00

00 \u0000"\u0000h\u0000t\u0000t\u0000p\u0000s\u0000:\u0000/\u0000/\u0000c\u0000o\u0000d\u0000i\u0000n\u0000g\u0000e\u00

00x\u0000p\u0000l\u0000a\u0000i\u0000n\u0000e\u0000d\u0000.\u0000c\u0000o\u0000m\u0000/\u0000"\u0000 \u0000"\u0000M\u0

000o\u0000z\u0000i\u0000l\u0000l\u0000a\u0000/\u00005\u0000.\u00000\u0000 \u0000(\u0000W\u0000i\u0000n\u0000d\u0000o\u00

00w\u0000s\u0000 \u0000N\u0000T\u0000 \u00001\u00000\u0000.\u00000\u0000;\u0000 \u0000W\u0000i\u0000n\u00006\u00004\u000

0;\u0000 \u0000x\u00006\u00004\u0000)\u0000 \u0000A\u0000p\u0000p\u0000l\u0000e\u0000W\u0000e\u0000b\u0000K\u0000i\u0000

t\u0000/\u00005\u00003\u00007\u0000.\u00003\u00006\u0000 \u0000(\u0000K\u0000H\u0000T\u0000M\u0000L\u0000,\u0000 \u0000l

\u0000i\u0000k\u0000e\u0000 \u0000G\u0000e\u0000c\u0000k\u0000o\u0000)\u0000 \u0000C\u0000h\u0000r\u0000o\u0000m\u0000e\

u0000/\u00006\u00000\u0000.\u00000\u0000.\u00003\u00001\u00001\u00002\u0000.\u00009\u00000\u0000 \u0000S\u0000a\u0000f\u

0000a\u0000r\u0000i\u0000/\u00005\u00003\u00007\u0000.\u00003\u00006\u0000"\u0000\r\u0000",

      "path" => "C:/ELK-Stack/logstash/event-data/apache_access.log"


Logstash configuration file:

input {

file {

    path => "C:/ELK-Stack/logstash/event-data/apache_access.log"

    start_position => "beginning"   

}

http {

host => "127.0.0.1"

port => 8088

}

output {

stdout {

    codec => rubydebug

}

}

kunalwagh · October 8, 2018, 7:03pm

Issue resolved by using the correct codec:
codec => plain{charset => 'UTF-16BE'}

system · November 5, 2018, 7:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.