Hoping you can help me out. We're testing out the Enterprise version of NXLog to resolve a read/write buffer limitation and I'm seeing some funky stuff in my logstash.log file on my nodes since making the switch...
First:
Code: Select all
{:timestamp=>"2021-03-02T08:44:42.903000-0800", :message=>"Received an event that has a different character encoding than you configured.", :text=>"{\\\"EventReceivedTime\\\":\\\"2021-03-02 08:44:42\\\",\\\"SourceModuleName\\\":\\\"in\\\",\\\"SourceModuleType\\\":\\\"im_file\\\",\\\"ThreadId\\\":\\\"02F8\\\",\\\"Context\\\":\\\"PACKET\\\",\\\"InternalPacketIdentifier\\\":\\\"00000015158367A0\\\",\\\"Protocol\\\":\\\"UDP\\\",\\\"SendReceiveIndicator\\\":\\\"Rcv\\\",\\\"RemoteIP\\\":\\\"xxxxxxxxxxx\\\",\\\"Xid\\\":\\\"d999\\\",\\\"QueryType\\\":\\\" \\\",\\\"OpCode\\\":\\\"Q\\\",\\\"QFlags\\\":\\\"[0001 D NOERROR]\\\",\\\"QuestionType\\\":\\\"A\\\",\\\"QuestionName\\\":\\\"(9)\\xC0\\xFA\\xCE\\xF6\\x9B\\xFB\\xCE\\xF6\\\\f(0)\\\",\\\"LogInfo\\\":\\\"UDP question info at 00000015158367A0\\\",\\\"Socket\\\":\\\"488\\\",\\\"RemoteAddr\\\":\\\"xxxxxxxxxxx\\\",\\\"PortNum\\\":\\\"57879\\\",\\\"TimeQuery\\\":\\\"1171928\\\",\\\"Queued\\\":\\\"0\\\",\\\"Expire\\\":\\\"0\\\",\\\"BufLen\\\":\\\"4000\\\",\\\"MsgLen\\\":\\\"27\\\",\\\"EventTime\\\":null,\\\"message\\\":\\\"XID 0xd999\\\\r\\\\n Flags 0x0100\\\\r\\\\n QR 0 (QUESTION)\\\\r\\\\n OPCODE 0 (QUERY)\\\\r\\\\n AA 0\\\\r\\\\n TC 0\\\\r\\\\n RD 1\\\\r\\\\n RA 0\\\\r\\\\n Z 0\\\\r\\\\n CD 0\\\\r\\\\n AD 0\\\\r\\\\n RCODE 0 (NOERROR)\\\\r\\\\n QCOUNT 1\\\\r\\\\n ACOUNT 0\\\\r\\\\n NSCOUNT 0\\\\r\\\\n ARCOUNT 0\\\\r\\\\n QUESTION SECTION:\\\\r\\\\n Offset = 0x000c, RR count = 0\\\\r\\\\n Name \\\\\\\"(9)\\xC0\\xFA\\xCE\\xF6\\x9B\\xFB\\xCE\\xF6\\\\f(0)\\\\\\\"\\\\r\\\\n QTYPE A (1)\\\\r\\\\n QCLASS 1\\\\r\\\\n ANSWER SECTION:\\\\r\\\\n empty\\\\r\\\\n AUTHORITY SECTION:\\\\r\\\\n empty\\\\r\\\\n ADDITIONAL SECTION:\\\\r\\\\n empty\\\\r\\\\n\\\"}\\r", :expected_charset=>"UTF-8", :level=>:warn}
Second:
Code: Select all
{:timestamp=>"2021-03-02T04:19:37.462000-0800", :message=>"Failed action. ", :status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-2021.03.02", :_type=>"eventlog", :_routing=>nil}, #<LogStash::Event:0x664b9614 @metadata_accessors=#<LogStash::Util::Accessors:0x682b0609 @store={}, @lut={}>, @cancelled=false, @data={"EventTime"=>"2021-03-02 04:19:35", "Hostname"=>"xxxxxxxxxxx", "Keywords"=>576460752309714944, "EventType"=>"INFO", "SeverityValue"=>2, "Severity"=>"INFO", "EventID"=>505, "SourceName"=>"Microsoft-Windows-StorPort", "ProviderGuid"=>"{C4636A1E-7986-4646-BF10-7BC3B4A76E8E}", "Version"=>4, "Task"=>201, "OpcodeValue"=>0, "RecordNumber"=>7427, "ProcessID"=>0, "ThreadID"=>0, "Channel"=>"Microsoft-Windows-Storage-Storport/Operational", "Category"=>"Port", "Opcode"=>"Info", "PortNumber"=>"0", "PathID"=>"0", "TargetID"=>"0", "LUN"=>"0", "ClassDeviceGuid"=>"{3dbf5af6-78cb-aeee-3bbe-72dae07dda6f}", "AdapterGuid"=>"{8849092a-499e-11eb-8119-806e6f6e6963}", "BusType"=>"0", "MiniportName"=>"LSI_SAS", "IoTimeout_s"=>"0", "VendorId"=>"VMware ", "ProductId"=>"Virtual disk ", "SerialNumber"=>"6000c295b3fc4999806a02739bc5dd5e", "SystemUptime_s"=>"1587706", "TotalIoCount"=>"23333", "TotalDeviceQueueIoCount"=>"0", "MaxDeviceQueueCount"=>"1", "MaxOutstandingCount"=>"1", "TotalDeviceQueueIoWaitDuration_100ns"=>"0", "MaxDeviceQueueIoWaitDuration_100ns"=>"0", "DeviceQueueIoWaitExceededTimeoutCount"=>"0", "DeviceQueueIoBusyCount"=>"0", "DeviceQueueIoPausedCount"=>"0", "DeviceQueueIoUntaggedCommandOutstandingCount"=>"0", "DeviceQueueIoPausedForUntaggedCount"=>"0", "MaxReadWriteLatency_100ns"=>"94653", "MaxFlushLatency_100ns"=>"0", "MaxUnmapLatency_100ns"=>"0", "IoLatencyBuckets"=>"256us, 1ms, 4ms, 16ms, 64ms, 128ms, 256ms, 2000ms, 6000ms, 10000ms, 20000ms, 20000+ms", "BucketIoSuccess1"=>"3666", "BucketIoSuccess2"=>"18511", "BucketIoSuccess3"=>"1117", "BucketIoSuccess4"=>"39", "BucketIoSuccess5"=>"0", "BucketIoSuccess6"=>"0", "BucketIoSuccess7"=>"0", "BucketIoSuccess8"=>"0", "BucketIoSuccess9"=>"0", "BucketIoSuccess10"=>"0", "BucketIoSuccess11"=>"0", "BucketIoSuccess12"=>"0", "BucketIoFailed1"=>"0", "BucketIoFailed2"=>"0", "BucketIoFailed3"=>"0", "BucketIoFailed4"=>"0", "BucketIoFailed5"=>"0", "BucketIoFailed6"=>"0", "BucketIoFailed7"=>"0", "BucketIoFailed8"=>"0", "BucketIoFailed9"=>"0", "BucketIoFailed10"=>"0", "BucketIoFailed11"=>"0", "BucketIoFailed12"=>"0", "BucketIoLatency1_100ns"=>"1661656", "BucketIoLatency2_100ns"=>"95636263", "BucketIoLatency3_100ns"=>"16930490", "BucketIoLatency4_100ns"=>"1963732", "BucketIoLatency5_100ns"=>"0", "BucketIoLatency6_100ns"=>"0", "BucketIoLatency7_100ns"=>"0", "BucketIoLatency8_100ns"=>"0", "BucketIoLatency9_100ns"=>"0", "BucketIoLatency10_100ns"=>"0", "BucketIoLatency11_100ns"=>"0", "BucketIoLatency12_100ns"=>"0", "TotalReadBytes"=>"104936448", "TotalWriteBytes"=>"146734080", "HighLatencyIoCount"=>"0", "EventReceivedTime"=>"2021-03-02 04:19:37", "SourceModuleName"=>"eventlog", "SourceModuleType"=>"im_msvistalog", "message"=>"Performance summary for Storport Device (Port = 0, Path = 0, Target = 0, Lun = 0) whose Corresponding Class Disk Device Guid is {3dbf5af6-78cb-aeee-3bbe-72dae07dda6f}: \r\nTotal IO:23333 \r\nFor latency buckets of 256us, 1ms, 4ms, 16ms, 64ms, 128ms, 256ms, 2000ms, 6000ms, 10000ms, 20000ms, 20000+ms, \r\nThe IO success counts are 3666, 18511, 1117, 39, 0, 0, 0, 0, 0, 0, 0, 0. \r\nThe IO failed counts are 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0. \r\nThe IO total latency (in 100ns) are 1661656, 95636263, 16930490, 1963732, 0, 0, 0, 0, 0, 0, 0, 0. \r\nTotal Bytes Read:104936448 \r\nTotal Bytes Written:146734080", "@version"=>"1" :level=>:warn}
Thank you!
