Picking the right charset for Filebeat

(X Calibur) #1


In the beginning I received the following error from Logstash when attempting to send in Linux security logs:

"Received an event that has a different character encoding than you configured".

After checking the logs characterset I determined it was US-ASCII.
I changed my conf as follows:


    syslog {
            type => "syslog"
            port => 55556
            codec => plain { charset => "US-ASCII" }
            add_field => { "data_source" => "linux_security" }


if [data_source] == "linux_security" {

            elasticsearch {
                    hosts => ["localhost:9200"]
                    index => "lnx_sec-%{+YYYY.ww}"
                    user => elastic
                    password => password


Now only a part of the message appears as gibberish on Kibana:

What am I missing?

(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.