I think follow what leandrojmp has mentioned about the json, and the source message. You could test that json here to see if its valid if you have control to access it: https://jsonlint.com/
logstash config test is only test your .conf file for instance: json.conf, not data.
As leandrojmp said, your data is not OK, LS will raise the tag: _jsonparsefailure. Or you have several records OK, then a wrong record. Incorrect data you can handle in output
output {
if ("_jsonparsefailure" in [tags]) {
elasticsearch {
hosts => ["http://eshost:9200"]
index => "error_%{+YYYY.MM}"
user => "user"
password => "pass"
}
}
I'm getting this warning only at the LS start-up, post-start, it is not getting displayed. But the source data keeps on passing through the LS. Not sure, Why the same is not coming for all the source data.
The same issue is not occurring in the LS version 7.10.2 for the same source data. Whereas the LS version 8.4.0 only throws this warning.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.