Hi,
In the beginning I received the following error from Logstash when attempting to send in Linux security logs:
"Received an event that has a different character encoding than you configured".
After checking the log's character set, I determined it was US-ASCII.
I changed my conf as follows:
input {
  syslog {
    type => "syslog"
    port => 55556
    codec => plain { charset => "US-ASCII" }
    add_field => { "data_source" => "linux_security" }
  }
}
output {
  if [data_source] == "linux_security" {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "lnx_sec-%{+YYYY.ww}"
      user => elastic
      password => password
    }
  }
}
Now only a part of the message appears as gibberish on Kibana:
What am I missing?