Nagios Support Forum

Code: Select all

{:timestamp=>"2021-03-02T08:44:42.903000-0800", :message=>"Received an event that has a different character encoding than you configured.", :text=>"{\\\"EventReceivedTime\\\":\\\"2021-03-02 08:44:42\\\",\\\"SourceModuleName\\\":\\\"in\\\",\\\"SourceModuleType\\\":\\\"im_file\\\",\\\"ThreadId\\\":\\\"02F8\\\",\\\"Context\\\":\\\"PACKET\\\",\\\"InternalPacketIdentifier\\\":\\\"00000015158367A0\\\",\\\"Protocol\\\":\\\"UDP\\\",\\\"SendReceiveIndicator\\\":\\\"Rcv\\\",\\\"RemoteIP\\\":\\\"xxxxxxxxxxx\\\",\\\"Xid\\\":\\\"d999\\\",\\\"QueryType\\\":\\\" \\\",\\\"OpCode\\\":\\\"Q\\\",\\\"QFlags\\\":\\\"[0001   D   NOERROR]\\\",\\\"QuestionType\\\":\\\"A\\\",\\\"QuestionName\\\":\\\"(9)\\xC0\\xFA\\xCE\\xF6\\x9B\\xFB\\xCE\\xF6\\\\f(0)\\\",\\\"LogInfo\\\":\\\"UDP question info at 00000015158367A0\\\",\\\"Socket\\\":\\\"488\\\",\\\"RemoteAddr\\\":\\\"xxxxxxxxxxx\\\",\\\"PortNum\\\":\\\"57879\\\",\\\"TimeQuery\\\":\\\"1171928\\\",\\\"Queued\\\":\\\"0\\\",\\\"Expire\\\":\\\"0\\\",\\\"BufLen\\\":\\\"4000\\\",\\\"MsgLen\\\":\\\"27\\\",\\\"EventTime\\\":null,\\\"message\\\":\\\"XID       0xd999\\\\r\\\\n    Flags     0x0100\\\\r\\\\n      QR        0 (QUESTION)\\\\r\\\\n      OPCODE    0 (QUERY)\\\\r\\\\n      AA        0\\\\r\\\\n      TC        0\\\\r\\\\n      RD        1\\\\r\\\\n      RA        0\\\\r\\\\n      Z         0\\\\r\\\\n      CD        0\\\\r\\\\n      AD        0\\\\r\\\\n      RCODE     0 (NOERROR)\\\\r\\\\n    QCOUNT    1\\\\r\\\\n    ACOUNT    0\\\\r\\\\n    NSCOUNT   0\\\\r\\\\n    ARCOUNT   0\\\\r\\\\n    QUESTION SECTION:\\\\r\\\\n    Offset = 0x000c, RR count = 0\\\\r\\\\n    Name      \\\\\\\"(9)\\xC0\\xFA\\xCE\\xF6\\x9B\\xFB\\xCE\\xF6\\\\f(0)\\\\\\\"\\\\r\\\\n      QTYPE   A (1)\\\\r\\\\n      QCLASS  1\\\\r\\\\n    ANSWER SECTION:\\\\r\\\\n      empty\\\\r\\\\n    AUTHORITY SECTION:\\\\r\\\\n      empty\\\\r\\\\n    ADDITIONAL SECTION:\\\\r\\\\n      empty\\\\r\\\\n\\\"}\\r", :expected_charset=>"UTF-8", :level=>:warn}

Code: Select all

{:timestamp=>"2021-03-02T04:19:37.462000-0800", :message=>"Failed action. ", :status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-2021.03.02", :_type=>"eventlog", :_routing=>nil}, #<LogStash::Event:0x664b9614 @metadata_accessors=#<LogStash::Util::Accessors:0x682b0609 @store={}, @lut={}>, @cancelled=false, @data={"EventTime"=>"2021-03-02 04:19:35", "Hostname"=>"xxxxxxxxxxx", "Keywords"=>576460752309714944, "EventType"=>"INFO", "SeverityValue"=>2, "Severity"=>"INFO", "EventID"=>505, "SourceName"=>"Microsoft-Windows-StorPort", "ProviderGuid"=>"{C4636A1E-7986-4646-BF10-7BC3B4A76E8E}", "Version"=>4, "Task"=>201, "OpcodeValue"=>0, "RecordNumber"=>7427, "ProcessID"=>0, "ThreadID"=>0, "Channel"=>"Microsoft-Windows-Storage-Storport/Operational", "Category"=>"Port", "Opcode"=>"Info", "PortNumber"=>"0", "PathID"=>"0", "TargetID"=>"0", "LUN"=>"0", "ClassDeviceGuid"=>"{3dbf5af6-78cb-aeee-3bbe-72dae07dda6f}", "AdapterGuid"=>"{8849092a-499e-11eb-8119-806e6f6e6963}", "BusType"=>"0", "MiniportName"=>"LSI_SAS", "IoTimeout_s"=>"0", "VendorId"=>"VMware  ", "ProductId"=>"Virtual disk    ", "SerialNumber"=>"6000c295b3fc4999806a02739bc5dd5e", "SystemUptime_s"=>"1587706", "TotalIoCount"=>"23333", "TotalDeviceQueueIoCount"=>"0", "MaxDeviceQueueCount"=>"1", "MaxOutstandingCount"=>"1", "TotalDeviceQueueIoWaitDuration_100ns"=>"0", "MaxDeviceQueueIoWaitDuration_100ns"=>"0", "DeviceQueueIoWaitExceededTimeoutCount"=>"0", "DeviceQueueIoBusyCount"=>"0", "DeviceQueueIoPausedCount"=>"0", "DeviceQueueIoUntaggedCommandOutstandingCount"=>"0", "DeviceQueueIoPausedForUntaggedCount"=>"0", "MaxReadWriteLatency_100ns"=>"94653", "MaxFlushLatency_100ns"=>"0", "MaxUnmapLatency_100ns"=>"0", "IoLatencyBuckets"=>"256us, 1ms, 4ms, 16ms, 64ms, 128ms, 256ms, 2000ms, 6000ms, 10000ms, 20000ms, 20000+ms", "BucketIoSuccess1"=>"3666", "BucketIoSuccess2"=>"18511", "BucketIoSuccess3"=>"1117", "BucketIoSuccess4"=>"39", "BucketIoSuccess5"=>"0", "BucketIoSuccess6"=>"0", "BucketIoSuccess7"=>"0", "BucketIoSuccess8"=>"0", "BucketIoSuccess9"=>"0", "BucketIoSuccess10"=>"0", "BucketIoSuccess11"=>"0", "BucketIoSuccess12"=>"0", "BucketIoFailed1"=>"0", "BucketIoFailed2"=>"0", "BucketIoFailed3"=>"0", "BucketIoFailed4"=>"0", "BucketIoFailed5"=>"0", "BucketIoFailed6"=>"0", "BucketIoFailed7"=>"0", "BucketIoFailed8"=>"0", "BucketIoFailed9"=>"0", "BucketIoFailed10"=>"0", "BucketIoFailed11"=>"0", "BucketIoFailed12"=>"0", "BucketIoLatency1_100ns"=>"1661656", "BucketIoLatency2_100ns"=>"95636263", "BucketIoLatency3_100ns"=>"16930490", "BucketIoLatency4_100ns"=>"1963732", "BucketIoLatency5_100ns"=>"0", "BucketIoLatency6_100ns"=>"0", "BucketIoLatency7_100ns"=>"0", "BucketIoLatency8_100ns"=>"0", "BucketIoLatency9_100ns"=>"0", "BucketIoLatency10_100ns"=>"0", "BucketIoLatency11_100ns"=>"0", "BucketIoLatency12_100ns"=>"0", "TotalReadBytes"=>"104936448", "TotalWriteBytes"=>"146734080", "HighLatencyIoCount"=>"0", "EventReceivedTime"=>"2021-03-02 04:19:37", "SourceModuleName"=>"eventlog", "SourceModuleType"=>"im_msvistalog", "message"=>"Performance summary for Storport Device (Port = 0, Path = 0, Target = 0, Lun = 0) whose Corresponding Class Disk Device Guid is {3dbf5af6-78cb-aeee-3bbe-72dae07dda6f}:                 \r\nTotal IO:23333                 \r\nFor latency buckets of 256us, 1ms, 4ms, 16ms, 64ms, 128ms, 256ms, 2000ms, 6000ms, 10000ms, 20000ms, 20000+ms,                 \r\nThe IO success counts are 3666, 18511, 1117, 39, 0, 0, 0, 0, 0, 0, 0, 0.                 \r\nThe IO failed counts are 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0.                 \r\nThe IO total latency (in 100ns) are 1661656, 95636263, 16930490, 1963732, 0, 0, 0, 0, 0, 0, 0, 0.                 \r\nTotal Bytes Read:104936448                 \r\nTotal Bytes Written:146734080", "@version"=>"1" :level=>:warn}

Code: Select all

if [SourceName] == 'Microsoft-Windows-StorPort' {
drop{}
}

Code: Select all

...
Name      \\\\\\\"(9)\\xC0\\xFA\\xCE\\xF6\\x9B\\xFB\\xCE\\xF6\\\\f(
...