【发布时间】:2021-04-14 15:44:32
【问题描述】:
我正在尝试将 GELF 消息(通过 HTTP 客户端)发送到 Logstash。
logstash.conf 文件如下所示:
input {
gelf {
use_tcp => true
}
}
output {
elasticsearch { hosts => ["10.32.0.80:9200"] }
}
如您所见,我得到了一个 _jsonparsefailure 标记,该标记也记录在 logstash 日志中。
logstash 日志:
[INFO ] 2021-04-14 14:36:54.155 [Agent thread] agent - Pipelines running {:count=>1,
:running_pipelines=>[:main], :non_running_pipelines=>[]}
[ERROR] 2021-04-14 14:51:12.025 [Ruby-0-Thread-39: :1] gelf - JSON parse failure. Falling back to
plain-text {:error=>#<LogStash::Json::ParserError: Unrecognized token 'PUT': was expecting ('true',
'false' or 'null')
at [Source: (byte[])"PUT / HTTP/1.1
Content-Type: application/json; charset=utf-8
Host: 10.32.8.133:12201
Content-Length: 371
Expect: 100-continue
Connection: Keep-Alive
{"version":"1.1","host":"postch-msm-order-statistics-test","short_message":"B2, total shipments:
999","full_message":"National: 999\nInternational: 0\nCollect:
0","level":6,"_event_type":"ShipmentDeclarationSent","_order_hash":"RGhktM2k6iH7n5MbxzzAsQ==","_product_type":"B2","_national_shipments_count":999,"_international_shipments_count":0,""[truncated 28 bytes]; line: 1, column: 5]>, :data=>"\"PUT / HTTP/1.1\\r\\nContent-Type: application/json; charset=utf-8\\r\\nHost: 10.32.8.133:12201\\r\\nContent-Length: 371\\r\\nExpect: 100-continue\\r\\nConnection: Keep-Alive\\r\\n\\r\\n{\\\"version\\\":\\\"1.1\\\",\\\"host\\\":\\\"postch-msm-order-statistics-test\\\",\\\"short_message\\\":\\\"B2, total shipments: 999\\\",\\\"full_message\\\":\\\"National: 999\\\\nInternational: 0\\\\nCollect: 0\\\",\\\"level\\\":6,\\\"_event_type\\\":\\\"ShipmentDeclarationSent\\\",\\\"_order_hash\\\":\\\"RGhktM2k6iH7n5MbxzzAsQ==\\\",\\\"_product_type\\\":\\\"B2\\\",\\\"_national_shipments_count\\\":999,\\\"_international_shipments_count\\\":0,\\\"_collect_shipments_count\\\":0}\""}
有人知道我为什么会收到这个错误吗?我相信 Logstash Gelf Input 插件必须知道 HTTP 请求(以 gelf 消息为正文)的样子。为什么我会收到此解析错误?我必须在不使用任何过滤器的情况下解决这个问题。有什么想法吗?
【问题讨论】:
标签: http elasticsearch logstash logstash-configuration gelf