hello,
I installed filebeat in a container and another container I have installed logstash, and I put myself in debug mode, I perceive myself as the original message does not have the correct format, config entry into logstash (tcp)
tcp {
port => 5514
type => syslog
add_field => [ "openshift" , "logcontainer" ]
}
and filebeat the default protocol is TCP or UDP?
sample message
2W\u0000\u0000\u0000\u00012C\u0000\u0000\u0000\xC1x^|\x8F\xBDN\xC40\u0010\x84\xC3kPn\u001D#\xDB\xCAᓫ\xAB\xA9\xA9h\x90\x897\x87\x85\u007F\xA2\xDBu\x81\xA2{w6\u0012BPp\x92\v\xDB\xF3\xEDΌ}\u001A\x86\xE1N\xCE\xFD\u0006\xA7\x82\u001Cb\xE0\u0000~\u0003\xFE\\u0011<,)\xE3\e\u0006V\xB1\xCD\u001FxQ\xB9\x9D\tFؿ~\xA9p\u001D\xE1ĩ
q(\xAB\bV\x9BG\xA5\x9D\xD2\xE6\xD9L\xFE\xE0\xBCu\u000F\xD3ѽȨ@\u0014\xCE\xFBny\xDCvIu\xED\xFC\xFA\xCD\u0010\xC7T\u007F\xAC7xo\xC45\x94?!\xEDQ\xA56\u001DX\xB0\u007F%\x89J\xAD_\xE6}P\tؖ\x85P\xCA\xE8\u0011\xE6֫\xDC\xCC(\xB51G\u0002_{\xCE\u05EF\u0000\u0000\u0000\xFF\xFF\xA9\xE4Z\x9B2W\u0000\u0000\u0000\u00012C\u0000\u0000\u0000\xC1x^|\x8F\xBDN\xC40\u0010\x84\xC3kPn\u001D#\xDB\xCAᓫ\xAB\xA9\xA9h\x90\x897\x87\x85\u007F\xA2\xDBu\x81\xA2{w6\u0012BPp\x92\v\xDB\xF3\xEDΌ}\u001A\x86\xE1N\xCE\xFD\u0006\xA7\x82\u001Cb\xE0\u0000~\u0003\xFE\\u0011<,)\xE3\e\u0006V\xB1\xCD\u001FxQ\xB9\x9D\tFؿ~\xA9p\u001D\xE1ĩ
q(\xAB\bV\x9BG\xA5\x9D\xD2\xE6\xD9L\xFE\xE0\xBCu\u000F\xD3ѽȨ@\u0014\xCE\xFBny\xDCvIu\xED\xFC\xFA\xCD\u0010\xC7T\u007F\xAC7xo\xC45\x94?!\xEDQ\xA56\u001DX\xB0\u007F%\x89J\xAD_\xE6}P\tؖ\x85P\xCA\xE8\u0011\xE6֫\xDC\xCC(\xB51G\u0002_{\xCE\u05EF\u0000\u0000\u0000\xFF\xFF\xA9\xE4Z\x9B2W\u0000\u0000\u0000\u00012C\u0000\u0000\u0000\xC0x^|\x8F?O\xC40\f\xC5\xCB\xD7`\xF4\x9C\xA06\xEA\x91S\xA6\x9B\x99\x99XPh\xDC#"\u007F\xAA\xDA\u0019P\xD5\xEF\x8E+!\u0004\u0003'e\x88\xFD~\xEF\xE9\xD9<u]w'\xEF~\x83KF\xF6\xC1\xB3\a\xB7\u0001\u007F.\b\u000E\xE6\x98\xF0\r=\xEBP\xA7\u000F\u\xAAW\u0002\u0005\xC7\xEA\x97
This is a configuration problem?
thanks for you for your answers