Logstash-更改字符集-收到的事件的字符编码与您配置的不同
我有ELK堆栈(带有logstash转发器)设置,它似乎在为JBoss日志工作。我发现我无法在工作的服务器上获取其他日志,这很奇怪。我检查了/var/log/logstash/logstash.log,它包含以下错误:Logstash-更改字符集-收到的事件的字符编码与您配置的不同,logstash,logstash-configuration,elastic-stack,logstash-forwarder,Logstash,Logstash Configuration,Elastic Stack,Logstash Forwarder,我有ELK堆栈(带有logstash转发器)设置,它似乎在为JBoss日志工作。我发现我无法在工作的服务器上获取其他日志,这很奇怪。我检查了/var/log/logstash/logstash.log,它包含以下错误: {:timestamp=>"2016-03-02T16:02:25.232000-0500", :message=>"Received an event that has a different character encoding than you configur
{:timestamp=>"2016-03-02T16:02:25.232000-0500", :message=>"Received an event that has a different character encoding than you configured.", :text=>"\\tat company.core.controller.flat.FlatApplicationController.\\xFB(FlatApplicationController.java:3242)", :expected_charset=>"UTF-8", :level=>:warn}
在线阅读时,我似乎必须指定日志文件使用的字符集。我检查了en的WebSphere默认值,即ISO-8859。我无法将此应用于我的配置
我使用了以下指南-
我试图将“charset=>”ISO-8859-1“添加到/etc/logstash/conf.d/01-lumberjack-input.conf文件中:
input {
lumberjack {
port => 5000
type => "logs"
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
charset => "ISO-8859-1"
}
}
这似乎不起作用,因为我得到了同样的错误
有人能提供关于如何正确设置字符集的说明吗?我认为您必须使用纯文本选项,在那里您可以更改字符集
codec => plain { charset => "ISO-8859-1" }
如果在同一端口上同时运行tcp输入(如lumberjack)和udp输入(如gelf),则会出现错误“接收到具有不同字符编码的事件…” 这是由于udp输入试图解释tcp握手数据包。除非在不同的端口上运行输入侦听器,否则它将失败 这将有助于:
input {
lumberjack {
port => "5001"
ssl_certificate => "/some/path/cert"
ssl_key => "/some/path/cert.key"
}
gelf {
port => "5000"
}
}
这将导致编码错误:
input {
lumberjack {
port => "5000"
ssl_certificate => "/some/path/cert"
ssl_key => "/some/path/cert.key"
}
gelf {
port => "5000"
}
}