Hi,
I have trouble sending data from my logstash to another one.
here is the error I have :
[2019 - 07 - 05T10: 50: 13, 107][WARN][logstash.codecs.jsonlines]JSON parse error, original data now in message field {
: error => # < LogStash::Json::ParserError: Unrecognized token 'Loading': was expecting('true', 'false' or 'null')
at[Source: (String)"Loading archive '46deb6d4-20ed-45e6-bbcf-7bcccf0cd0d1' to hosts running selected API Gateways...Deploying to API Gateway 'GW-1'...Completed successfully.Gateway instance [GW-1] deployed with [0] error(s).";
line: 1, column: 8] > ,
: data => "Loading archive '46deb6d4-20ed-45e6-bbcf-7bcccf0cd0d1' to hosts running selected API Gateways...Deploying to API Gateway 'GW-1'...Completed successfully.Gateway instance [GW-1] deployed with [0] error(s)."
}
Here is an example of an input sent to the logstash:
{
"@timestamp": "2019-07-03T10:54:54.404Z",
"@metadata": {
"beat": "filebeat",
"type": "_doc",
"version": "7.0.1"
},
"log": {
"file": {
"path": "/appl/api/logs/LastDeployement_normal.log"
},
"offset": 45
},
"message": "Loading archive '46deb6d4-20ed-45e6-bbcf-7bcccf0cd0d1' to hosts running selected API Gateways...",
"input": {
"type": "log"
},
"fields": {
"log_type": "deployement",
"app": "api",
"context": "dmz_back",
"env": "uat",
"component": "admin_node_manager"
},
"ecs": {
"version": "1.0.0"
},
"host": {
"name": "z98sl0681db"
},
"agent": {
"type": "filebeat",
"ephemeral_id": "f0c71f0c-a224-49a4-8ed7-edfe04898a28",
"hostname": "z98sl068db",
"id": "c2fb26d2-05bc-4bdd-a103-cf531dbe4ac4",
"version": "7.0.1"
}
}
{
"@timestamp": "2019-07-03T10:54:54.405Z",
"@metadata": {
"beat": "filebeat",
"type": "_doc",
"version": "7.0.1"
},
"fields": {
"log_type": "deployement",
"app": "api",
"context": "dmz_back",
"env": "uat",
"component": "admin_node_manager"
},
"input": {
"type": "log"
},
"ecs": {
"version": "1.0.0"
},
"host": {
"name": "z98sl068i1db"
},
"agent": {
"ephemeral_id": "f0c71f0c-a224-49a4-8ed7-edfe04898a28",
"hostname": "z98sl068i1db",
"id": "c2fb26d2-05bc-4bdd-a103-cf531dbe4ac4",
"version": "7.0.1",
"type": "filebeat"
},
"log": {
"offset": 220,
"file": {
"path": "/appl/api/LastDeployement_normal.log"
}
},
"message": "Deploying to API Gateway 'GW-1'..."
}
And so nothing arrive to the second logstash because the first one can't send it.
I add that logstash configuration is empty as you can see:
input {
beats {
port => 5044
client_inactivity_timeout => 360
codec => json_lines
}
}
output {
lumberjack {
codec => json_lines
hosts => ["parser01", "parser02"]
ssl_certificate => "/appl/elk/logstash/conf.d/ssl/lumberjack.cert"
port => 5443
}
}
any idea ?