问题描述
我正在尝试将 GELF 消息(通过 HTTP 客户端)发送到 Logstash。
logstash.conf 文件如下所示:
input {
gelf {
use_tcp => true
}
}
output {
elasticsearch { hosts => ["10.32.0.80:9200"] }
}
在Grafana中,日志是这样显示的:
如您所见,我收到了一个 _jsonparsefailure 标记,该标记也与 logstash 日志一起记录。
logstash 日志:
[INFO ] 2021-04-14 14:36:54.155 [Agent thread] agent - Pipelines running {:count=>1,:running_pipelines=>[:main],:non_running_pipelines=>[]}
[ERROR] 2021-04-14 14:51:12.025 [Ruby-0-Thread-39: :1] gelf - JSON parse failure. Falling back to
plain-text {:error=>#<LogStash::Json::ParserError: Unrecognized token 'PUT': was expecting ('true','false' or 'null')
at [Source: (byte[])"PUT / HTTP/1.1
Content-Type: application/json; charset=utf-8
Host: 10.32.8.133:12201
Content-Length: 371
Expect: 100-continue
Connection: Keep-Alive
{"version":"1.1","host":"postch-msm-order-statistics-test","short_message":"B2,total shipments:
999","full_message":"National: 999\nInternational: 0\nCollect:
0","level":6,"_event_type":"ShipmentDeclarationSent","_order_hash":"RGhktM2k6iH7n5MbxzzAsQ==","_product_type":"B2","_national_shipments_count":999,"_international_shipments_count":0,""[truncated 28 bytes]; line: 1,column: 5]>,:data=>"\"PUT / HTTP/1.1\\r\\nContent-Type: application/json; charset=utf-8\\r\\nHost: 10.32.8.133:12201\\r\\nContent-Length: 371\\r\\nExpect: 100-continue\\r\\nConnection: Keep-Alive\\r\\n\\r\\n{\\\"version\\\":\\\"1.1\\\",\\\"host\\\":\\\"postch-msm-order-statistics-test\\\",\\\"short_message\\\":\\\"B2,total shipments: 999\\\",\\\"full_message\\\":\\\"National: 999\\\\nInternational: 0\\\\nCollect: 0\\\",\\\"level\\\":6,\\\"_event_type\\\":\\\"ShipmentDeclarationSent\\\",\\\"_order_hash\\\":\\\"RGhktM2k6iH7n5MbxzzAsQ==\\\",\\\"_product_type\\\":\\\"B2\\\",\\\"_national_shipments_count\\\":999,\\\"_international_shipments_count\\\":0,\\\"_collect_shipments_count\\\":0}\""}
有谁知道我为什么会收到这个错误?我相信 Logstash Gelf Input 插件必须知道 HTTP 请求(以 gelf 消息为主体)的样子。为什么我会收到这个解析错误?我必须在不使用任何过滤器的情况下解决这个问题。有什么想法吗?