I am using EventLog as my input and GELF as my output. I am using 1.1.13, but it wouldn't let me use that in the affected version. I receive the following error:
{
:timestamp=>"2013-07-30T18:36:18.326000+0000",
:message=>"Trouble sending GELF event",
:gelf_event=>{
"short_message"=>"Performance counters for the tradestation : marketdata.proxyserver (tradestation : marketdata.proxyserver) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.",
"full_message"=>"Performance counters for the tradestation : marketdata.proxyserver (tradestation : marketdata.proxyserver) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.",
"host"=>"ip-10-122-47-236",
"file"=>"%{@source_path}",
"_Category"=>0,
"_ComputerName"=>"AMAZONA-444AB7B",
"_EventCode"=>1001,
"_EventIdentifier"=>1001,
"_EventType"=>3,
"_Logfile"=>"Application",
"_Message"=>"Performance counters for the tradestation : marketdata.proxyserver (tradestation : marketdata.proxyserver) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.",
"_RecordNumber"=>20665,
"_SourceName"=>"Microsoft-Windows-LoadPerf",
"_TimeGenerated"=>"20130730183611.410153-000",
"_TimeWritten"=>"20130730183611.410153-000",
"_Type"=>"Information",
"_User"=>"NT AUTHORITY\\SYSTEM",
"_InsertionStrings"=>[
"tradestation : marketdata.proxyserver",
"tradestation : marketdata.proxyserver",
"12"
],
"_Data"=>"X&\x00\x00Y&\x00\x00\xD6\x05\x00\x00",
"_tags"=>"",
"facility"=>"Eventlog Application",
"level"=>6
},
:event=>#<LogStash::Event:0x1b7482a @cancelled=false,
@data={
"@source"=>"eventlog://AMAZONA-444AB7B/Application",
"@tags"=>[
],
"@fields"=>{
"Category"=>0,
"CategoryString"=>nil,
"ComputerName"=>"AMAZONA-444AB7B",
"EventCode"=>1001,
"EventIdentifier"=>1001,
"EventType"=>3,
"Logfile"=>"Application",
"Message"=>"Performance counters for the tradestation : marketdata.proxyserver (tradestation : marketdata.proxyserver) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.",
"RecordNumber"=>20665,
"SourceName"=>"Microsoft-Windows-LoadPerf",
"TimeGenerated"=>"20130730183611.410153-000",
"TimeWritten"=>"20130730183611.410153-000",
"Type"=>"Information",
"User"=>"NT AUTHORITY\\SYSTEM",
"InsertionStrings"=>[
"tradestation : marketdata.proxyserver",
"tradestation : marketdata.proxyserver",
"12"
],
"Data"=>"X&\x00\x00Y&\x00\x00\xD6\x05\x00\x00"
},
"@type"=>"ApplicationEventLog",
"@timestamp"=>"2013-07-30T18:36:11+00:00",
"@message"=>"Performance counters for the tradestation : marketdata.proxyserver (tradestation : marketdata.proxyserver) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries."
}>,
:error=>#<Encoding::UndefinedConversionError: "\xD6" from ASCII-8BIT to UTF-8>,
:level=>:warn
}
This seems to be related to Logstash 686 and Logstash 697
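
The failure in the log above can be reproduced outside Logstash with the bytes of the `Data` field alone. The following is an added example, not part of the original report and not Logstash code: `utf8_safe` and `to_gelf_json` are hypothetical helpers, and the event hash is a constructed subset of the fields shown. It keeps binary fields by hex-encoding them so the event is still delivered instead of being dropped with a warning.

```ruby
require "json"

# Constructed sample: the bytes of the "Data" field from the report,
# tagged ASCII-8BIT (binary) as a raw read from the event log would be.
RAW_DATA = "X&\x00\x00Y&\x00\x00\xD6\x05\x00\x00".b

# Constructed subset of the GELF event shown in the report.
EVENT = {
  "_EventCode"        => 1001,
  "_SourceName"       => "Microsoft-Windows-LoadPerf",
  "_InsertionStrings" => ["tradestation : marketdata.proxyserver", "12"],
  "_Data"             => RAW_DATA
}

# Transcoding binary to UTF-8 has no mapping for bytes >= 0x80, so Ruby
# raises rather than guessing. Returns the error text, or nil on success.
def reproduce_error(bytes)
  bytes.encode("UTF-8")
  nil
rescue Encoding::UndefinedConversionError => e
  e.message
end

# Hypothetical helper: walk an event and make every string safe for a
# UTF-8 output. Strings that are valid UTF-8 are relabelled as such;
# anything else is treated as opaque bytes and kept losslessly as hex.
def utf8_safe(value)
  case value
  when Hash  then value.each_with_object({}) { |(k, v), h| h[k] = utf8_safe(v) }
  when Array then value.map { |v| utf8_safe(v) }
  when String
    text = value.dup.force_encoding(Encoding::UTF_8)
    text.valid_encoding? ? text : "hex:" + value.unpack1("H*")
  else value
  end
end

# Hypothetical helper: serialize the sanitized event as JSON.
def to_gelf_json(event)
  JSON.generate(utf8_safe(event))
end

puts reproduce_error(RAW_DATA)
puts to_gelf_json(EVENT)
```

Hex keeps the original bytes recoverable on the receiving side, which replacing invalid bytes with a substitute character would not.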