elasticsearch – elastic mssql.yml logbeat: log.original formatting wrong

admin

MY MS SQL servers send their errorlog to elastic (via filebeat, pugin mssql.yml).
Data arrives, but when I want to filter (on value log.original, which contains the complete error), I get a lot of incorrect characters:

log.original value

I tried to change the encoding in mssql.yml, but issue stays the same (added encoding part):

  • module: mssql
    log:
    enabled: true
    var.paths: [‘F:\MSSQL*\MSSQL\Log\ERRORLOG*’,’G:\MSSQL*\MSSQL\Log\ERRORLOG*’]

    input:
    encoding: utf-16le

All my entries also have this :
error.message:Text ‘\u00002\u00000\u00002\u00003\u0000-\u00001\u00000\u0000-\u00003\u00000\u0000 \u00001\u00000\u0000:\u00001\u00000\u0000:\u00003\u00003\u0000.\u00009\u00007\u0000’ could not be parsed at index 0

I don’t know if this is relevant for this issue, or if this is another issue altogether.

Thanks a million,

Gert

Read more here: Source link